CVE-2025-15368
Vulnerability summary (CVE-2025-15368): The SportsPress WordPress plugin (versions up to 2.7.26) is vulnerable to Local File Inclusion via the shortcodes' template_name attribute. Authenticated attackers with contributor-level permissions or higher can include and execute arbitrary server files,...
CVE-2025-15368 SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via the shortcodes' 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...
EUVD-2025-206819
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via the shortcodes' 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...
WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by PPzzAArr in WordPress Plugin The Events Calendar Shortcode & Block versions <= 3.1.1...
EUVD-2025-206793
The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the getfrontendsettings function. This makes it possible for unauthenticated attackers to extract the site's magicimport.ai license key from the...
WordPress SportsPress plugin <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SportsPress – Sports Club & League Manager versions <= 2.7.26...
CVE-2026-24995
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.0...
CVE-2026-24988
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
CVE-2026-24995
CVE-2026-24995 – WordPress: Latest Post Shortcode plugin is affected up to version 14.2.0 due to a missing authorization flaw that enables exploitation of improperly configured access control security levels. The Red Hat and CVE records reiterate a Missing Authorization vulnerability in Latest Po...
CVE-2026-24995 WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.0...
EUVD-2026-5252
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.0...
EUVD-2026-5313
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
CVE-2026-24988 WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through <= 3.1.1...
WordPress WP AdCenter plugin <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP AdCenter versions <= 2.5.7...
WordPress Snippet Shortcodes plugin <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion vulnerability
Authenticated (Subscriber+) Shortcode Deletion vulnerability discovered by theviper17y in WordPress Plugin Snippet Shortcodes versions <= 4.1.6...
WordPress Ganohrs Toggle Shortcode plugin <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ganohrs Toggle Shortcode versions <= 0.2.4...