8962 matches found
CVE-2025-11268
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11987
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11268
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
CVE-2025-11268
The CVE-2025-11268 entry for Strong Testimonials (WordPress) is confirmed by Wordfence as a vulnerability in all versions up to 3.2.16, enabling unauthenticated attackers to trigger arbitrary shortcodes when an administrator previews or publishes a crafted testimonial. The issue is caused by insu...
CVE-2025-11268 Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
EUVD-2025-37981
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
CVE-2025-11268 Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
PT-2025-45181
Name of the Vulnerable Software and Affected Versions Strong Testimonials plugin for WordPress versions prior to 3.2.17 Description The Strong Testimonials plugin for WordPress is susceptible to arbitrary shortcode execution. The software does not properly validate or sanitize user-submitted...
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745
CVE-2025-11745 affects the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads (versions up to and including 2.8.7). The vulnerability is a Stored Cross‑Site Scripting flaw in which user‑supplied attributes in the adinserter shortcode are insufficiently sanitized/escaped, allowing authenticat...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11987
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11987
CVE-2025-11987 — Visual Link Preview (WordPress) is a stored cross-site scripting vulnerability in the Visual Link Preview plugin for WordPress, exploitable via the plugin’s visual-link-preview shortcode. Affected versions are up to and including 2.2.7, where insufficient input sanitization and o...
CVE-2025-11987 Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12369
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-11812
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
WordPress List category posts plugin information leakage vulnerability
WordPress List category posts plugin is a tool in WordPress for outputting specified category posts in a customized order. WordPress List category posts plugin suffers from an information disclosure vulnerability that stems from an insufficient catlist shortcode restriction, which can be exploite...