6 matches found
CVE-2025-14121
The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...
CVE-2025-11856
The Eventbee Ticketing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventbeeticketwidget' shortcode in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input and output of several parameters. This makes it possible...
EUVD-2023-12521
Malicious code in bioql PyPI...
PT-2025-1864 · WordPress · Avada Builder
Name of the Vulnerable Software and Affected Versions: Avada Builder plugin for WordPress versions up to, and including, 3.11.11
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes. This allows authenticated...
PT-2024-30954 · Yandex · Yandex Turbo Feed Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Mihdan: Yandex Turbo Feed plugin for WordPress versions up to, and including, 1.6.5.1
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing...
CVE-2023-5614
The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themeswitchalist' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...