CVE-2025-14122

The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-14121

The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2025-14053

The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVE-2025-13841

The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...

CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...

CVE-2025-14122

CVE-2025-14122 concerns the AD Sliding FAQ plugin for WordPress. The connected Wordfence report confirms a stored XSS vulnerability via the sliding_faq shortcode, affecting all versions up to and including 2.4, caused by insufficient input sanitization and output escaping on user-supplied attribu...

CVE-2025-14122 AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-14122 AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-14147

CVE-2025-14147 affects the WordPress extension Easy GitHub Gist Shortcodes . The vulnerability is a Stored Cross-Site Scripting (XSS) via the shortcodes’ id parameter, exploitable on all versions up to and including 1.0. The Wordfence report specifies that exploitation requires authenticated acce...

CVE-2025-14121 EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2025-14121

CVE-2025-14121 affects the WordPress plugin EDD Download Info (EDD Download Info). Affected versions: all up to 1.1. Root cause: insufficient input sanitization and output escaping in the shortcode attribute edd_download_info_link . Impact: Stored Cross-Site Scripting enabling authenticated attac...

CVE-2025-14121 EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edddownloadinfolink' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2025-13841

CVE-2025-13841 applies to the WordPress plugin Smart App Banners (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) in the shortcode parameter handling of the app-store-download shortcode, specifically for the attributes size and verticalalign . It affects all versions u...

CVE-2025-13841 Smart App Banners <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes

The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied...

CVE-2025-14144

CVE-2025-14144 affects Mstoic Shortcodes for WordPress. The vulnerability is a stored XSS via the start attribute of the ms_youtube_embeds shortcode, present in all versions up to and including 2.0, due to insufficient input sanitization and output escaping. Exploitation requires authentication a...

CVE-2025-14453 My Album Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute

The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stylecss' shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14626 QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes

The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.42 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-14626

CVE-2025-14626 – Stored Cross-Site Scripting in the QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress. The issue arises from insufficient input sanitization and output escaping of user-supplied attributes in the plugin’s shortcode, enabling an authenticated at...

CVE-2025-14112 Snillrik Restaurant <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute

The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menustyle' shortcode attribute in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-14626 QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes

The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.42 due to insufficient input sanitization and output escaping on user supplied attributes...