CVE-2025-11806 Qzzr Shortcode Plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This makes it possible for authenticated attackers...

WordPress plugin Qzzr Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripti...

CVE-2025-12475

The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksynewslettersubscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

PT-2025-44370

Name of the Vulnerable Software and Affected Versions Blocksy Companion plugin for WordPress versions up to and including 2.1.14 Description The Blocksy Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'blocksy newsletter subscribe' shortcode. This is due t...

CVE-2025-62898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

EUVD-2025-36040

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

CVE-2025-62898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

CVE-2025-62898

CVE-2025-62898 refers to a Stored XSS vulnerability in the WordPress plugin Links shortcode (versions

CVE-2025-62898 WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

CVE-2025-62898 WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

PT-2025-43777

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through = 1.8.3...

WordPress plugin Links shortcode 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

CVE-2025-11875

The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-8413

The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

WordPress plugin Discussion Board - WordPress Forum Plugin Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

WordPress plugin ShopLentor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2025-35918

The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-35923

The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...

CVE-2025-12096

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-11875

The CVE refers to the SpendeOnline.org WordPress plugin (affected: versions up to 3.0.1) with a Stored Cross‑Site Scripting vulnerability via the spendeonline shortcode due to insufficient input sanitization and output escaping of user attributes. This could allow authenticated attackers with con...