8961 matches found
CVE-2025-13738 Easy Table of Contents <= 2.0.78 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode
The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xoeventfield' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-13612
CVE-2025-13612 affects the WordPress plugin “Album and Image Gallery Plus Lightbox” (versions up to and including 2.1.7). The vulnerability is a Stored Cross-Site Scripting via the aigpl-gallery-album shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...
CVE-2025-13612 Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode
The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2025-13612 Album and Image Gallery Plus Lightbox <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode
The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aigpl-gallery-album shortcode in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2025-13732
CVE-2025-13732 concerns the WordPress plugin s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions (versions through 251005). The issue is a Stored Cross-Site Scripting flaw via the shortcode parameter s2Eot , caused by insufficient input sa...
CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...
CVE-2025-13732 s2Member <= 251005 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2Eot' shortcode in all versions up to, and including, 251005 due to insufficient input sanitizatio...
WordPress Groups plugin <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'groupsgroupinfo' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Groups versions = 3.10.0...
WordPress YaMaps for WordPress plugin <= 0.6.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Parameters vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin YaMaps for WordPress versions = 0.6.40...
WordPress plugin Album and Image Gallery plus Lightbox 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin XO Event Calendar 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20620
The YaMaps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the yamap shortcode parameters in all versions up to, and including, 0.6.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
PT-2026-20603
Name of the Vulnerable Software and Affected Versions The Album and Image Gallery plus Lightbox plugin for WordPress versions through 2.1.7 Description The Album and Image Gallery plus Lightbox plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aigpl-gallery-album...
PT-2026-20605
Name of the Vulnerable Software and Affected Versions s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress versions through 251005 Description The s2Member plugin for WordPress is susceptible to Stored Cross-Site...
PT-2026-20606
The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ez-toc shortcode in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1426
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...
CVE-2025-11185
CVE-2025-11185 concerns the WordPress plugin “Complianz – GDPR/CCPA Cookie Consent”. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the plugin’s cmplz-accept-link shortcode, arising from insufficient input sanitization and output escaping on user-supplied attributes. It affec...
CVE-2026-1941
The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpevents' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-2127
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...