PT-2025-46295

Name of the Vulnerable Software and Affected Versions Chart Expert plugin for WordPress versions prior to 1.1 Description The Chart Expert plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'pmzez chart' shortcode. This is a result of inadequate input sanitization and...

PT-2025-46271

Name of the Vulnerable Software and Affected Versions Authors List plugin for WordPress versions prior to 2.0.6.2 Description The Authors List plugin for WordPress is susceptible to sensitive information exposure. Authenticated attackers with Contributor-level access or higher can exploit this...

PT-2025-46258

Name of the Vulnerable Software and Affected Versions My Geo Posts Free plugin for WordPress versions prior to 1.3 Description The My Geo Posts Free plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'mygeo city' shortcode. This occurs because the plugin does not...

PT-2025-46252

Name of the Vulnerable Software and Affected Versions WP Bootstrap Tabs versions prior to 1.0.5 Description The WP Bootstrap Tabs plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'bootstrap tab' shortcode. Insufficient input sanitization and output escaping of...

PT-2025-46287

Name of the Vulnerable Software and Affected Versions Coon Google Maps plugin for WordPress versions prior to 1.1 Description The Coon Google Maps plugin for WordPress is susceptible to Stored Cross-Site Scripting through the height parameter within the 'map' shortcode. This occurs because of...

PT-2025-46292

Name of the Vulnerable Software and Affected Versions WP-Iconics plugin for WordPress versions prior to 0.0.5 Description The WP-Iconics plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp iconics shortcode. Insufficient input sanitization and...

PT-2025-46284

Name of the Vulnerable Software and Affected Versions Live Photos on WordPress plugin versions prior to 0.1 Description The Live Photos on WordPress plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on...

PT-2025-46283

Name of the Vulnerable Software and Affected Versions Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress versions through 1.0.11 Description The software is susceptible to Stored Cross-Site Scripting through the 'nonaki' shortcode. This is a result of inadequate inp...

PT-2025-46262

Name of the Vulnerable Software and Affected Versions Simple Donate plugin for WordPress versions prior to 1.1 Description The Simple Donate plugin for WordPress is susceptible to Stored Cross-Site Scripting through the simpledonate shortcode. Insufficient input sanitization and output escaping o...

PT-2025-46290

Name of the Vulnerable Software and Affected Versions GitHub Gist Shortcode Plugin for WordPress versions through 0.2 Description The GitHub Gist Shortcode Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the id parameter of the 'gist' shortcode. Insufficient input...

WordPress plugin Coon Google Maps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Coon Maps plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

PT-2025-46255

Name of the Vulnerable Software and Affected Versions Eventbee Ticketing Widget versions prior to 1.0 Description The Eventbee Ticketing Widget plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'eventbeeticketwidget' shortcode. This occurs because the plugin does not...

PT-2025-46254

Name of the Vulnerable Software and Affected Versions Five9 Live Chat plugin for WordPress versions through 1.1.2 Description The Five9 Live Chat plugin for WordPress is susceptible to Stored Cross-Site Scripting through the toolbar attribute within the five9-chat shortcode. This occurs because o...

PT-2025-46288

Name of the Vulnerable Software and Affected Versions Jeba Cute forkit plugin for WordPress versions prior to 1.1 Description The Jeba Cute forkit plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping of...

PT-2025-46260

Name of the Vulnerable Software and Affected Versions WP BBCode plugin for WordPress versions up to and including 1.8.1 Description The WP BBCode plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'url' shortcode. This is due to inadequate input sanitization and output...

PT-2025-46291

Name of the Vulnerable Software and Affected Versions WP Count Down Timer plugin for WordPress versions up to and including 1.0.1 Description The WP Count Down Timer plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp countdown timer shortcode...

WordPress Jeba Cute forkit plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Jeba Cute forkit versions = 1.0...

EUVD-2025-38373

The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphaliliqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12643

CVE-2025-12643 – Saphali LiqPay for donate (WordPress) Stored XSS The WordPress plugin Saphali LiqPay for donate (plugin slug: saphali-liqpay-for-donate) is affected by a stored cross-site scripting vulnerability in the shortcode attribute saphali_liqpay. All versions up to and including 1.0.2 ar...

CVE-2025-12643 Saphali LiqPay for donate <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphaliliqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...