WordPress Shouty plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via shouty Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shouty versions = 0.2.1...

CVE-2025-12645

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12645

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-199568

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12645

The CVE-2025-12645 entry concerns the WordPress Inline frame – Iframe plugin (versions

CVE-2025-12645 Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12645 Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-199099

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

WordPress Display Pages Shortcode plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Display Pages Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

PT-2025-48002

The Inline frame – Iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedsite' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress BrightTALK Shortcode plugin cross-site scripting vulnerability

The WordPress BrightTALK Shortcode plugin is a plugin for WordPress designed to integrate BrightTALK's webinar functionality through shortcodes. The WordPress BrightTALK Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filterin...

WordPress Inline frame – Iframe plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Inline frame – Iframe versions = 0.1...

CVE-2025-10144

The Perfect Brands for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the brands attribute of the products shortcode in all versions up to, and including, 3.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2025-12800

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.4.5 via the sushortcodecsvtable function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make...

CVE-2025-10144

CVE-2025-10144 concerns the Perfect Brands for WooCommerce plugin for WordPress. Wordfence reports a time-based SQL Injection via the brands attribute of the products shortcode in all versions up to 3.6.2, caused by insufficient escaping of user-supplied input and inadequate preparation of the ex...

PT-2025-47974

Name of the Vulnerable Software and Affected Versions The Perfect Brands for WooCommerce plugin for WordPress versions through 3.6.2 Description The Perfect Brands for WooCommerce plugin for WordPress is susceptible to time-based SQL Injection through the brands attribute of the products shortcod...

PT-2025-47865

Name of the Vulnerable Software and Affected Versions WP Shortcodes Plugin – Shortcodes Ultimate versions prior to 7.4.6 Description The Shortcodes Ultimate plugin for WordPress is susceptible to Server-Side Request Forgery SSRF. This allows authenticated attackers with Administrator-level access...

CVE-2025-12935

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fluentcrmcontent' shortcode in all versions up to, and including, 2.9.84 due to insufficient input...

CVE-2025-12661

The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVE-2025-11767

The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tip' shortcode in all versions up to, and including, 0.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...