WordPress plugin Code Snippets 代码注入漏洞

WordPress Code Snippets plugin is a plugin designed for WordPress to conveniently add and manage custom code snippets without having to directly modify the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...

EUVD-2025-197932

The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...

CVE-2025-11868 everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...

CVE-2025-11868

The WordPress everviz plugin (up to version 1.1) is vulnerable to Stored Cross‑Site Scripting via the everviz shortcode attributes. The root cause is inadequate input sanitization and output escaping when building a from the type and hash attributes. This allows authenticated attackers with cont...

CVE-2025-11868 everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The everviz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the everviz shortcode attributes in versions up to, and including, 1.1. This is due to the plugin not properly sanitizing user input or escaping output when building a from the type and hash attributes. This makes i...

PT-2025-47252

Name of the Vulnerable Software and Affected Versions everviz plugin for WordPress versions up to and including 1.1 Description The everviz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the everviz shortcode attributes. The issue arises from insufficient sanitization ...

EUVD-2025-60921

The Live Photos on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videosrc', 'imgsrc', and 'class' parameters in the livephotosphoto shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on...

CVE-2025-12651

CVE-2025-12651 describes a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Live Photos on WordPress . The flaw arises from insufficient input sanitization and output escaping for user-supplied attributes in the shortcode livephotos_photo, specifically the parameters video_...

CVE-2025-11745

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...

CVE-2025-11745

CVE-2025-11745 affects the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads (versions up to and including 2.8.7). The vulnerability is a Stored Cross‑Site Scripting flaw in which user‑supplied attributes in the adinserter shortcode are insufficiently sanitized/escaped, allowing authenticat...

WordPress TablePress plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Rafshanzani Suhada in WordPress Plugin TablePress versions = 3.2.4...

CVE-2025-12324

CVE-2025-12324 affects the WordPress plugin TablePress (versions up to 3.2.3). The vulnerability is a Stored Cross-Site Scripting via table shortcode attributes caused by insufficient input sanitization and output escaping. Exploitation requires at least contributor-level access; an attacker can ...

CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

PT-2025-44915

Name of the Vulnerable Software and Affected Versions TablePress versions up to and including 3.2.3 Description The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the table shortcode attributes. Insufficient input sanitization and output escaping on...

CVE-2025-6988

The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-6988

CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions

CVE-2025-10737

The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...