8962 matches found
CVE-2025-11875
The CVE refers to the SpendeOnline.org WordPress plugin (affected: versions up to 3.0.1) with a Stored Cross‑Site Scripting vulnerability via the spendeonline shortcode due to insufficient input sanitization and output escaping of user attributes. This could allow authenticated attackers with con...
CVE-2025-11875 SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8483
The CVE-2025-8483 entry concerns the Discussion Board – WordPress Forum Plugin for WordPress (versions up to 2.5.5). The root cause is improper validation before do_shortcode, allowing authenticated users with Subscriber+ privileges to trigger arbitrary shortcode execution. Severity in public rep...
CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...
CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...
CVE-2025-8413
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-10737
The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
EUVD-2025-35908
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-8413
Summary (CVE-2025-8413): Listeo (WordPress theme)
CVE-2025-11823
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...
CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...
WordPress Listeo plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via soundcloud Shortcode vulnerability discovered by Craig Webb in WordPress Theme Listeo versions = 2.0.8...
WordPress ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin ShopLentor versions = 3.2.4...
PT-2025-43721
Name of the Vulnerable Software and Affected Versions SpendeOnline.org plugin for WordPress versions up to and including 3.0.1 Description The SpendeOnline.org plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'spendeonline' shortcode. Insufficient input sanitization...
PT-2025-43700
Name of the Vulnerable Software and Affected Versions ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress versions prior to 3.2.5 Description The ShopLentor plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue...
PT-2025-43713
Name of the Vulnerable Software and Affected Versions Listeo versions prior to 2.0.9 Description The Listeo theme for WordPress is susceptible to Stored Cross-Site Scripting through the soundcloud shortcode. Insufficient input sanitization and output escaping on user-supplied attributes allows...
CVE-2025-12096
The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12096 Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...