WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxtimeline' Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress plugin The Events Calendar Shortcode & Block 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-6235

Name of the Vulnerable Software and Affected Versions The Events Calendar Shortcode & Block versions through 3.1.1 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...

PT-2026-6240

Name of the Vulnerable Software and Affected Versions Iulia Cazan Latest Post Shortcode versions through 14.2.0 Description The Latest Post Shortcode software contains a missing authorization flaw that allows exploitation due to incorrectly configured access control security levels. Recommendatio...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'auxgmaps' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.15.7...

WordPress Colibri Page Builder plugin <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'colibribreadcrumbelement' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Colibri Page Builder versions = 1.0.272...

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_block Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via contentblock Shortcode vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.0...

WordPress OSM plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin OSM versions = 6.0.3...

WordPress Login Logout Register Menu plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Login Logout Register Menu versions = 2.0...

WordPress Salient Core plugin <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Salient Core versions = 2.0.7...

WordPress Testimonials Widget plugin <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via testimonials Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Testimonials Widget versions = 4.0.4...

WordPress Geo Controller plugin <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution vulnerability

Missing Authorization to Unauthenticated Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Geo Controller versions = 8.6.9...

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.19.20...

WordPress Confetti Fall Animation plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Confetti Fall Animation versions = 1.3.1...

WordPress WP-WebAuthn plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wwa_login_form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wwaloginform Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WP-WebAuthn versions = 1.3.3...

WordPress Bridge Core plugin <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton - Wordfence in WordPress Plugin Bridge Core versions = 3.2.0...

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via auxcontactbox and auxgmaps Shortcodes vulnerability discovered by David Gallagher BatFeats - Adept Digital in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.0...

WordPress MediaPress plugin <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Plugin's Shortcode vulnerability discovered by zaim in WordPress Plugin MediaPress versions = 1.6.1...

WordPress Widget Countdown plugin <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widget Countdown versions = 2.7.7...