CVE-2026-1903

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2026-1903 Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute

The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sbravelrydesigns' shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2026-1903

CVE-2026-1903 (Reserved entry) has concrete detail in connected document: WordPress plugin Ravelry Designs Widget &lt;= 1.0.0 is affected by an Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability via the sb_ravelry_designs shortcode layout attribute. Impact: stored XSS could be...

WordPress Ravelry Designs Widget plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'sbravelrydesigns' Shortcode 'layout' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ravelry Designs Widget versions = 1.0.0...