100 matches found
CVE-2025-11767 Tips Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tip' shortcode in all versions up to, and including, 0.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-12661
CVE-2025-12661 affects the Pollcaster Shortcode Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the height attribute of the pollcaster shortcode in all versions up to 1.0, caused by insufficient input sanitization and output escaping. All evidence indicates an a...
CVE-2025-12661 Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
WordPress plugin Pollcaster Shortcode Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-47694
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress BrightTALK WordPress Shortcode plugin <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin BrightTALK WordPress Shortcode versions = 2.4.0...
WordPress Pollcaster Shortcode Plugin plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Pollcaster Shortcode Plugin versions = 1.0...
EUVD-2025-60920
The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-12667
The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'gist' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Qzzr Shortcode Plugin plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Qzzr Shortcode versions = 1.0.1...
CVE-2025-11806
The CVE-2025-11806 issue affects the Qzzr Shortcode Plugin for WordPress and is a Stored Cross-Site Scripting vulnerability in the qzzr shortcode. Details from connected documents indicate: affected software is Qzzr Shortcode Plugin for WordPress with versions up to and including 1.0.1 (some sour...
CVE-2025-11807
The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attacker...
WordPress Mixlr Shortcode plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Mixlr Shortcode versions = 1.0.1...
WordPress WordPress Live Webcam Widget & Shortcode plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin WordPress Live Webcam Widget & Shortcode versions = 1.2...
EUVD-2024-34061
Malicious code in bioql PyPI...
EUVD-2025-25068
Malicious code in bioql PyPI...
EUVD-2025-15364
Malicious code in bioql PyPI...
EUVD-2024-50969
Malicious code in bioql PyPI...
EUVD-2023-33005
Malicious code in bioql PyPI...
EUVD-2025-25138
Malicious code in bioql PyPI...