WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Links shortcode versions = 1.8.3...

WordPress TweetThis Shortcode plugin <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TweetThis Shortcode versions = 1.8.0...

CVE-2025-58022 WordPress ShortCode Plugin <= 0.8.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxpagels ShortCode shortcode allows Stored XSS.This issue affects ShortCode: from n/a through = 0.8.1...

CVE-2025-58022 WordPress ShortCode Plugin <= 0.8.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxpagels ShortCode shortcode allows Stored XSS.This issue affects ShortCode: from n/a through = 0.8.1...

CVE-2025-58021 WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in douglaskarr List Child Pages Shortcode list-child-pages-shortcode allows Stored XSS.This issue affects List Child Pages Shortcode: from n/a through = 1.3.1...

CVE-2025-58021 WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in douglaskarr List Child Pages Shortcode list-child-pages-shortcode allows Stored XSS.This issue affects List Child Pages Shortcode: from n/a through = 1.3.1...

WordPress plugin ShortCode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-58876

CVE-2025-58876 is a Stored XSS in the WordPress plugin “Aparat Video Shortcode”. Affected versions are up to 0.2.4 (reported as: Aparat Video Shortcode: from n/a through 0.2.4). The underlying issue is improper input neutralization during web page generation, enabling stored cross-site scripting....

CVE-2025-7649

CVE-2025-7649 affects the WordPress plugin Surbma | Recent Comments Shortcode. The vulnerability is a Stored Cross‑Site Scripting (XSS) via the plugin's recent-comments shortcode in all versions up to and including 2.0. An attacker with at least a contributor‑level account can inject arbitrary sc...

CVE-2023-37994

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Artem Abramovich Art Decoration Shortcode plugin = 1.5.6 versions...

CVE-2023-35772

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Alain Gonzalez Google Map Shortcode plugin = 3.1.2 versions...

CVE-2021-24824

The field shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the...

CVE-2025-23791 WordPress Horizontal Line Shortcode Plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mikakaltoft Horizontal Line Shortcode horizontal-line-shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through = 1.0...

CVE-2025-23618 WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in starise Twitter Shortcode twitter-shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through = 0.9...

WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Sidebar-Content from Shortcode versions = 2.0...

WordPress plugin Sidebar-Content from Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Tabs Shortcode plugin <= 2.0.2 - Contributor+ XSS via Shortcode vulnerability

Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Tabs Shortcode versions = 2.0.2...

CVE-2024-11606

The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-11606 Tabs Shortcode <= 2.0.2 - Contributor+ XSS via Shortcode

The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-12574

The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...