WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_fs_local_business Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scfslocalbusiness Shortcode vulnerability discovered by shaman0x01 - Shaman Red Team in WordPress Plugin Structured Content versions = 1.6.3...

WordPress FunnelKit plugin <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wfopphone Shortcode vulnerability discovered by zaim in WordPress Plugin Funnel Builder by FunnelKit versions = 3.13.1.2...

WordPress WP Easy FAQs plugin <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via WPEASYFAQ Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Easy FAQs versions = 1.0.5...

WordPress TableOn plugin <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via tableonpopupiframebutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin TableOn versions = 1.0.4.1...

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via SQLREPORT Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.11...

WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Stored XSS via Shortcode vulnerability

Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions = 1.0...

WordPress Easy Jump Links Menus plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by theviper17y in WordPress Plugin Easy Jump Links Menus versions = 1.0.0...

WordPress WishSuite plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buttontext' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin WishSuite versions = 1.5.1...

WordPress Booking Calendar plugin <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bookingcalendar Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Booking Calendar versions = 10.14.6...

WordPress Ultimate Member plugin <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultimate Member versions = 2.11.0...

WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Cookie Notice & Compliance for GDPR / CCPA versions = 2.5.8...

WordPress Live Composer plugin <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode vulnerability

Authenticated Contributor+ PHP Object Injection via dslcmodulepostsoutput Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page Builder: Live Composer versions = 2.0.2...

WordPress Front End Users plugin <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via forgot-password Shortcode vulnerability discovered by zaim in WordPress Plugin Front End Users versions = 3.2.30...

WordPress SecuPress Free - WordPress Security plugin <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode vulnerability

WordPress SecuPress Free - WordPress Security plugin = 2.2.5.3 - Authenticated Contributor+ Stored Cross-Site Scripting via secupresscheckbanipsform Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin SecuPress Free versions = 2.2.5.3...

WordPress plugin BuddyPress Activity Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability

WordPress Master Slider - Responsive Touch Slider plugin = 3.10.6 - Authenticated Contributor+ Stored Cross-Site Scripting via mslayer Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Master Slider versions = 3.10.6...

WordPress Bold Timeline Lite plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'title' Parameter in 'boldtimelinegroup' Shortcode vulnerability discovered by zaim in WordPress Plugin Bold Timeline Lite versions = 1.2.7...

WordPress Magic Buttons for Elementor plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via magic-button Shortcode vulnerability discovered by Gilang - DJ in WordPress Plugin Magic Buttons for Elementor versions = 1.0...

WordPress IRM Newsroom plugin <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'irmeventlist' Shortcode vulnerability discovered by Chuck - None in WordPress Plugin IRM Newsroom versions = 1.2.19...

PT-2025-54302

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...