1396 matches found
CVE-2025-13899
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13907 CSS3 Buttons <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13907
CVE-2025-13907 : CSS3 Buttons plugin for WordPress is vulnerable to Stored XSS via the plugin’s ‘button’ shortcode in versions up to 0.1. The issue arises from insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires an authenticated attacker with con...
CVE-2025-13899 TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13899 TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13899
CVE-2025-13899 affects the TR Timthumb WordPress plugin. All versions up to 1.0.4 are vulnerable to Stored Cross-Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor level or higher, enabling ...
WordPress RevInsite plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin RevInsite versions = 1.1.0...
WordPress CSS3 Buttons plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin CSS3 Buttons versions = 0.1...
WordPress Yet Another WebClap for WordPress plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin Yet Another WebClap for WordPress versions = 0.2...
CVE-2025-13678
CVE-2025-13678 : The Thai Lottery Widget WordPress plugin is vulnerable to authenticated Stored Cross-Site Scripting via the thailottery shortcode in all versions up to and including 2.5 due to insufficient sanitization of width and height attributes. Attackers with Contributor-level access or hi...
CVE-2025-13678 Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the thailottery shortcode in all versions up to, and including, 2.5. This is due to insufficient input sanitization and output escaping on the user supplied width and height shortcode attributes. This...
WordPress Thai Lottery Widget plugin <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Peerapat Samatathanyakorn in WordPress Plugin Thai Lottery Widget versions = 2.5...
CVE-2025-12712
CVE-2025-12712 (Shouty WordPress plugin) vulnerable in all versions up to 0.2.1 due to insufficient input sanitization and output escaping on shouty shortcode attributes, enabling stored cross-site scripting. Exploitation requires authenticated access at Contributor level or higher; an attacker c...
CVE-2025-12712 Shouty <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes
The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the shouty shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WordPress Shouty plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shouty versions = 0.2.1...
CVE-2025-11765
CVE-2025-11765 : The WordPress plugin Stock Tools is vulnerable to stored XSS via the shortcode attributes image_height and image_width in all versions up to 1.1. The issue stems from insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or...
CVE-2025-11868
The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...
WordPress plugin Code Snippets 代码注入漏洞
WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...
EUVD-2025-197932
The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...
CVE-2025-11868 everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...