911 matches found

Cvelist
added 2025/03/16 6:0 a.m. · 12 views

CVE-2025-1623 GDPR Cookie Compliance < 4.15.9 - Admin+ Stored XSS

The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS 0.00085
Exploits: 1 · References: 1
Vulnrichment
added 2025/03/16 6:0 a.m. · 8 views

CVE-2024-13602 Poll Maker < 5.5.4 - Admin+ Stored XSS

The Poll Maker WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.4 · EPSS 0.00085
Exploits: 1 · References: 1
CVE
added 2025/03/11 6:0 a.m. · 60 views

CVE-2025-0629

CVE-2025-0629 affects the Coronavirus (COVID-19) Notice Message WordPress plugin (

CVSS 4.8 · AI score 5.8 · EPSS 0.00131
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2025/03/09 6:0 a.m. · 51 views

CVE-2025-1363

CVE-2025-1363 affects the WordPress plugin “URL Shortener | Conversion Tracking | AB Testing | WooCommerce” (versions up to 9.0.2). The vulnerability is a Stored Cross-Site Scripting (XSS) that occurs due to insufficient sanitisation/escaping of certain plugin settings, enabling a high-privilege ...

CVSS 3.5 · AI score 5.7 · EPSS 0.00046
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2025/03/07 10:15 a.m. · 0 views

CVE-2024-9458

The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/24 12:0 a.m. · 2 views

PT-2025-7703 · WordPress · The Form Maker

Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web WordPress plugin versions prior to 1.15.33 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for...

CVSS 4.8 · AI score 7.8 · EPSS 0.00094
Exploits: 1 · References: 7
RedhatCVE
added 2025/02/23 6:18 a.m. · 5 views

CVE-2024-13314

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

CVSS 3.5 · AI score 5.6 · EPSS 0.0005
Exploits: 1 · References: 1
CVE
added 2025/02/21 6:0 a.m. · 47 views

CVE-2024-13314

CVE-2024-13314 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” (pre-2.7.4). The issue is insufficient sanitization/escaping of settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details show mitigation by up...

CVSS 3.5 · AI score 3.5 · EPSS 0.0005
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2025/02/21 6:0 a.m. · 9 views

CVE-2024-13314 Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

EPSS 0.0005
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/15 6:0 a.m. · 5 views

CVE-2024-13306 WP Google Map < 1.9.4 - Admin+ Stored XSS

The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

AI score 4.3 · EPSS 0.00045
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/15 6:0 a.m. · 7 views

CVE-2024-13208 WP Google Map < 1.9.4 - Admin+ Stored XSS

The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

AI score 4.3 · EPSS 0.00045
Exploits: 1 · References: 1
Vulnrichment
added 2025/02/14 6:0 a.m. · 3 views

CVE-2024-13493 Sensly Online Presence <= 0.6 - Admin+ Stored XSS

The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 5.7 · EPSS 0.00071
Exploits: 1 · References: 1
OSV
added 2025/02/13 6:15 a.m. · 0 views

CVE-2025-0692

The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite...

CVSS 3.5 · AI score 7.3
Exploits: 0 · References: 1
NVD
added 2025/02/13 6:15 a.m. · 13 views

CVE-2024-13120

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

CVSS 4.8 · EPSS 0.00471
Exploits: 1 · References: 1
CVE
added 2025/02/13 6:0 a.m. · 57 views

CVE-2024-13121

The CVE-2024-13121 entry concerns the WordPress Paid Membership Plugin (and related components) prior to version 4.15.20. The root cause is insufficient sanitisation/escaping of certain plugin settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disall...

CVSS 3.5 · AI score 5.7 · EPSS 0.00471
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2025/02/13 6:0 a.m. · 74 views

CVE-2024-13120

The CVE-2024-13120 entry concerns the ProfilePress WordPress plugin (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress) prior to version 4.15.20. Technical details in connected records show the issue is a stored XSS caused by not...

CVSS 4.8 · AI score 5.7 · EPSS 0.00471
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2025/02/13 6:0 a.m. · 53 views

CVE-2024-13119

CVE-2024-13119 affects the ProfilePress family in WordPress via the Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content suite. The public description confirms that versions prior to 4.15.20 do not sanitize/escape certain settings, enabling Stored...

CVSS 4.8 · AI score 5.7 · EPSS 0.00471
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/02/13 12:0 a.m. · 2 views

PT-2025-6532 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: Everest Forms WordPress plugin versions prior to 3.0.8.1 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example in ...

CVSS 3.5 · AI score 7.9 · EPSS 0.00179
Exploits: 1 · References: 8
Vulnrichment
added 2025/01/31 6:0 a.m. · 8 views

CVE-2024-12872 Zalomení <= 1.5 - Admin+ Stored XSS

The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

AI score 4.7 · EPSS 0.00143
Exploits: 1 · References: 1
OSV
added 2025/01/28 6:15 a.m. · 1 views

CVE-2024-12807

The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 7.3
Exploits: 0 · References: 1