8961 matches found
PT-2026-30346
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...
WordPress plugin Shortcodes Ultimate 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Shortcodes Ultimate plugin <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability
authenticated Contributor+ Stored Cross-Site Scripting via 'sucarousel' Shortcode vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Shortcodes Ultimate versions = 7.4.8...
WordPress Simple Shopping Cart plugin <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'wpscdisplayproduct' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Simple Shopping Cart versions = 5.2.4...
CVE-2026-3831
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-1834
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Contact Form Entries versions = 1.4.9...
CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-3831
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-2480
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2026-2480 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...
EUVD-2026-17319
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2026-1834
CVE-2026-1834 affects the Ibtana – WordPress Website Builder plugin for WordPress. The issue is a Stored Cross-Site Scripting vulnerability via the plugin's 'ive' shortcode in all versions up to and including 1.2.5.7 , caused by insufficient input sanitization and output escaping on user-supplied...
CVE-2026-1834
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2026-1834 Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
WordPress Ibtana - WordPress Website Builder plugin <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
WordPress Ibtana - WordPress Website Builder plugin = 1.2.5.7 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ibtana versions = 1.2.5.7...
PT-2026-29195
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
WordPress Ultimate Member plugin <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability
Authenticated Contributor+ Sensitive Information Exposure to Account Takeover via Shortcode Template Tag vulnerability discovered by HDH - FPT Software in WordPress Plugin Ultimate Member versions = 2.11.2...
WordPress Responsive Plus plugin < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Responsive Plus versions 3.4.3...