6 matches found
CVE-2026-3554
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the 'title' attribute of the...
EUVD-2026-14162
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the 'title' attribute of the...
CVE-2026-3554 Sherk Custom Post Type Displays <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute
The Sherk Custom Post Type Displays plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in all versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the 'title' attribute of the...
PT-2026-26859
Name of the Vulnerable Software and Affected Versions Sherk Custom Post Type Displays plugin for WordPress versions up to and including 1.2.1 Description The Sherk Custom Post Type Displays plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'title' shortcode attribute...
CVE-2023-46202
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...
CVE-2023-46202 WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Jeff Sherk Auto Login New User After Registration plugin = 1.9.6 versions...