CVE-2025-12823 CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CSV to SortTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csv' shortcode in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVE-2025-12962

CVE-2025-12962 affects the WordPress Local Syndication plugin up to version 1.5a. The vulnerability is a Server-Side Request Forgery (SSRF) triggered via the url parameter in the [syndicate_local] shortcode. It arises from using wp_remote_get() instead of wp_safe_remote_get(), which lacks protect...

PT-2025-47252

Name of the Vulnerable Software and Affected Versions everviz plugin for WordPress versions up to and including 1.1 Description The everviz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the everviz shortcode attributes. The issue arises from insufficient sanitization ...

PT-2025-47265

Name of the Vulnerable Software and Affected Versions Local Syndication plugin for WordPress versions prior to 1.5a Description The Local Syndication plugin for WordPress is susceptible to Server-Side Request Forgery SSRF in versions up to and including 1.5a. The issue stems from the use of wp...

CVE-2025-7711

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

WordPress Local Syndication plugin <= 1.5a - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode vulnerability

Authenticated Contributor+ Server-Side Request Forgery via Shortcode vulnerability discovered by Ivan Cese in WordPress Plugin Local Syndication versions = 1.5a...

CVE-2025-7711 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

EUVD-2025-197883

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVE-2025-7711 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

WordPress Classified Listing plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via Listing Description vulnerability discovered by Kishan Vyas in WordPress Plugin Classified Listing versions = 5.0.3...

PT-2025-47216

Name of the Vulnerable Software and Affected Versions The Classified Listing – Classified ads & Business Directory Plugin versions prior to 5.0.4 Description The Classified Listing – Classified ads & Business Directory Plugin for WordPress is susceptible to arbitrary shortcode execution. This...

CVE-2025-11769

The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipperfront' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11769

The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipperfront' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11769 WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipperfront' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-11769 WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipperfront' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-8397

The CVE concerns the WordPress plugin Save as PDF Button. All versions up to 1.9.2 are vulnerable to Stored Cross-Site Scripting via the restpackpdfbutton shortcode due to insufficient sanitization/escaping of user attributes. Authenticated attackers with contributor-level access (or higher) can ...

PT-2025-46792

Name of the Vulnerable Software and Affected Versions WordPress Content Flipper plugin versions up to and including 0.1 Description The WordPress Content Flipper plugin is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the 'bgcolor'...

PT-2025-46794

Name of the Vulnerable Software and Affected Versions Save as PDF Button plugin for WordPress versions prior to 1.9.3 Description The software has a flaw due to insufficient input sanitization and output escaping on user-supplied attributes within the restpackpdfbutton shortcode. This allows...

CVE-2025-12010

The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from AuthorsListShortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to ca...

CVE-2025-12711

The Share to Google Classroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sharetogoogle shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...