CVE-2022-46819
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions...
WordPress CBX Map for Google Map & OpenStreetMap plugin <= 1.1.12 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by zaim in WordPress Plugin CBX Map for Google Map & OpenStreetMap versions <= 1.1.12...
CVE-2025-32578
CVE-2025-32578 is a Reflected XSS in the WordPress plugin Coming Soon Countdown (vulnerable up to and including 2.2). The vulnerability arises during web page generation where user-controlled input is improperly neutralized, enabling reflected scripts. The CVE entry notes the impact as cross-site...
WordPress Hive Support plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Hive Support versions <= 1.2.5...
CVE-2025-1757 WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhubportfolio' and 'pfhubportfolioportfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping o...
CVE-2025-1064
The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
WP Go Maps < 9.0.33 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
PT-2023-30382 · WordPress · Scott Paterson Easy Paypal Shopping Cart
Name of the Vulnerable Software and Affected Versions: Scott Paterson Easy PayPal Shopping Cart plugin versions <= 1.1.10 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with contributor or higher permissions. This allows for malicious script...
CVE-2023-5308
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-3248 All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting
The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
CVE-2023-2836
The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
WordPress SEO Plugin by Squirrly SEO Plugin < 12.1.21 XSS Vulnerability
Greenbone AG detection script (GPL-2.0-only) for the WordPress plugin, CPE = "cpe:/a:squirrly:seopluginbysquirrlyseo"; description text not available in this excerpt...
PT-2023-19116 · WordPress · Themeist I Recommend This
Name of the Vulnerable Software and Affected Versions: Themeist I Recommend This plugin versions 3.8.3 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For Themeist I Recommend Th...
PT-2023-20302 · WordPress · Thom Stark Eyes Only: User Access Shortcode
Name of the Vulnerable Software and Affected Versions: Thom Stark Eyes Only: User Access Shortcode plugin versions 1.8.2 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability affects...
Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC themifyportfolioposts imageh='100"...
Tabs < 3.7.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow high privilege users to perform Cross-Site Scripting attacks...
Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting
The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting PoC /?searchjob="...
Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=gfeditforms=settings=pdf=1'...
DEBIAN-CVE-2008-5986
Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory,...