1404 matches found
WordPress plugin WP Circliful 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin ShopLentor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Download Manager plugin <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Download Manager versions = 3.3.52...
EUVD-2026-20837
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...
WordPress plugin OSM – OpenStreetMap 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-1396
The CVE-2026-1396 entry affects the WordPress plugin Magic Conversation For Gravity Forms. It reports a Stored Cross-Site Scripting vulnerability in the magic-conversation shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versions are a...
CVE-2026-5506 Wavr <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wave shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2026-5508 WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-5508 WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-3513
The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...
CVE-2026-3513 TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...
CVE-2026-3513 TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableonbutton' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes...
CVE-2026-3513
CVE-2026-3513 concerns the TableOn – WordPress Posts Table Filterable plugin (
WordPress Magic Conversation For Gravity Forms plugin <= 3.0.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zaim in WordPress Plugin Magic Conversation For Gravity Forms versions = 3.0.97...
PT-2026-31075
Name of the Vulnerable Software and Affected Versions TableOn – WordPress Posts Table Filterable plugin versions up to and including 1.0.4.4 Description The TableOn – WordPress Posts Table Filterable plugin is susceptible to Stored Cross-Site Scripting. This is due to insufficient input...
PT-2026-31101
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the scm member data shortcode in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Wavr plugin <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin Wavr versions = 0.2.6...
WordPress WowPress plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by zakaria in WordPress Plugin WowPress versions = 1.0.0...
CVE-2026-4084
The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode...
CVE-2026-4086
The WP Random Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cat', 'nocat', and 'text' shortcode attributes of the 'wprandombutton' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on...