CVE-2026-5293

The 診断ジェネレータ作成プラグイン Diagnosis Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...

PT-2024-17331 · WordPress · Scratch & Win – Giveaways/Contests

Name of the Vulnerable Software and Affected Versions: Scratch & Win – Giveaways and Contests plugin for WordPress versions up to and including 2.6.9 Description: The issue concerns a stored cross-site scripting vulnerability due to insufficient input sanitization and output escaping on...

PT-2024-38970 · WordPress · Wp Custom Fields Search

Name of the Vulnerable Software and Affected Versions: WP Custom Fields Search plugin for WordPress versions up to, and including, 1.2.35 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode due to insufficient input sanitization and output...

PT-2023-31959 · WordPress · Tm Woocommerce Compare & Wishlist

Name of the Vulnerable Software and Affected Versions: TM WooCommerce Compare & Wishlist plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to Stored Cross-Site Scripting via the 'tm woo wishlist table' shortcode due to insufficient input sanitization and...