Lucene search

5 matches found

RedhatCVE
added yesterday · 3 views

CVE-2026-5506

The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wave shortcode in all versions up to, and including, 0.2.6. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVSS 6.4 · AI score 5.7 · EPSS 0.00042
Exploits: 0 · References: 1
Positive Technologies
added 2026/01/09 12:0 a.m. · 3 views

PT-2026-1710

Name of the Vulnerable Software and Affected Versions: Entry Views versions prior to 1.0.1 Description: The Entry Views plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'entry-views' shortcode. Insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 5.2 · EPSS 0.00055
Exploits: 0 · References: 9
Positive Technologies
added 2025/02/04 12:0 a.m. · 3 views

PT-2025-1736 · WordPress · Medical Addon For Elementor

Name of the Vulnerable Software and Affected Versions: Medical Addon for Elementor plugin for WordPress versions up to, and including, 1.6.2 Description: The issue allows authenticated attackers with Contributor-level access and above to read the content of draft, pending, and private posts due t...

CVSS 4.3 · AI score 9.2 · EPSS 0.00101
Exploits: 0 · References: 8
ATTACKERKB
added 2024/01/31 3:15 a.m. · 2 views

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 · AI score 6.3 · EPSS 0.00082
Exploits: 0 · References: 3
Prion
added 2019/09/11 2:15 p.m. · 21 views

Design/Logic Flaw

WordPress before 5.2.3 allows XSS in shortcode previews...

CVSS 4.3 · AI score 6 · EPSS 0.04685
Exploits: 0 · References: 7 · Affected Software: 2