8962 matches found
CVE-2025-11770 BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'format' shortcode attribute in the brighttalk-time shortcode in all versions up to, and including, 2.4.0. This is due to insufficient input sanitization and output escaping. This makes it...
EUVD-2025-198399
The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'caption' shortcode attribute of the 'audiotube' shortcode in all versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-11801
The AudioTube WordPress plugin (versions
CVE-2025-11765
CVE-2025-11765 : The WordPress plugin Stock Tools is vulnerable to stored XSS via the shortcode attributes image_height and image_width in all versions up to 1.1. The issue stems from insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or...
CVE-2025-12661 Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2025-12661
CVE-2025-12661 affects the Pollcaster Shortcode Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the height attribute of the pollcaster shortcode in all versions up to 1.0, caused by insufficient input sanitization and output escaping. All evidence indicates an a...
EUVD-2025-198400
The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
EUVD-2025-198401
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12660
CVE-2025-12660 – Padlet Shortcode (Wallwisher) Stored XSS (WordPress) Affected software: Padlet Shortcode plugin for WordPress (shortcode wallwisher, parameter key) up to version 1.3. Description and connected sources confirm a Stored Cross-Site Scripting flaw caused by insufficient input sanitiz...
CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2025-47695
The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'pollcaster' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
PT-2025-47676
The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' parameter in the notification shortcode in all versions up to, and including, 1.1. This is due to missing input sanitization and output escaping. This makes it possible for authenticated...
PT-2025-47706
The WP Company Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'social-networks' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress plugin Surbma | MiniCRM Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-47700
The HotelRunner Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hotelrunner' shortcode in all versions up to, and including, 5.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Padlet Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-47678
The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tip' shortcode in all versions up to, and including, 0.2.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WordPress plugin Pollcaster Shortcode Plugin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Display Pages Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Display Pages Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...