9 matches found
CVE-2026-8847
The CVE-2026-8847 entry concerns the WordPress Dideo plugin (version 1.0) with a Stored XSS flaw in the dideo shortcode. The root cause is insufficient input sanitization and output escaping on the id attribute, which is inserted into an iframe src without escaping in the dideo() handler. Attacke...
CVE-2026-7650 E2Pdf – Export Pdf Tool for WordPress <= 1.32.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the e2pdf-download shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode...
CVE-2026-4011 Power Charts <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute
The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the pc shortcode in all versions up to, and including, 0.1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute. Specifically, in the...
PT-2026-33026
The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the pc shortcode in all versions up to, and including, 0.1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute. Specifically, in the ...
CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute
The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the printclmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...
CVE-2026-1889
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' shortcode in all versions up to, and including, 2.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1889
CVE-2026-1889 concerns the WordPress Outgrow plugin up to version 2.1, where the stored cross-site scripting vulnerability is triggered by the 'id' attribute of the 'outgrow' shortcode. The root cause is insufficient input sanitization and output escaping on user-supplied attributes. The impact i...
CVE-2026-1889 Outgrow <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'outgrow' Shortcode 'id' Attribute
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' shortcode in all versions up to, and including, 2.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3053
The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it...