CVE-2025-14851 YaMaps for WordPress <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-14851
CVE-2025-14851 concerns the YaMaps for WordPress plugin. The vulnerability is a Stored Cross-Site Scripting issue via the yamap shortcode parameters, present in all versions up to and including 0.6.40. The issue stems from insufficient input sanitization and output escap...
WordPress YaMaps for WordPress plugin <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YaMaps for WordPress versions <= 0.6.40...
CVE-2025-13841
The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-12668
The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
PT-2025-46291
Name of the Vulnerable Software and Affected Versions: WP Count Down Timer plugin for WordPress versions up to and including 1.0.1. Description: The WP Count Down Timer plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp countdown timer shortcode...
EUVD-2021-11415
Malware in sbrugna...
EUVD-2021-11320
Malware in sbrugna...
EUVD-2021-11328
Malware in sbrugna...
EUVD-2021-11327
Malware in sbrugna...
CVE-2024-8444
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross site scripting...
CVE-2021-24408
The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggerable in th...
CVE-2021-24486
The Simple Social Media Share Buttons – Social Sharing for Everyone WordPress plugin before 3.2.3 did not escape the align and likebuttonsize parameters of its SSB shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
WordPress plugin Content Blocks cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-8444
CVE-2024-8444 concerns the WordPress Download Manager plugin prior to version 3.3.00. The vulnerability arises because certain shortcode parameters aren’t properly sanitized, enabling a cross-site scripting (XSS) issue. Affected product: Download Manager WordPress plugin (versions