EUVD-2025-204796

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'registerform' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes...

PT-2024-39515 · WordPress · Memberful

Name of the Vulnerable Software and Affected Versions: Memberful – Membership Plugin versions up to, and including, 1.73.7 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...

PT-2023-31863 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 5.3.5 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes...

PT-2023-16214 · WordPress · Real.Kit Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: real.Kit WordPress plugin versions prior to 5.1.1 Description: The issue concerns the real.Kit WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could all...