CVE-2025-11807

The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This makes it possible for authenticated attacker...

CVE-2025-11810

The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' attribute. This makes it possible for...

CVE-2025-11809

The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due to insufficient input sanitization and output escaping on the 'class' attribute. This makes it possible for authenticated...

CVE-2025-10138

The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11883

The CVE refers to the WordPress plugin Responsive Progress Bar. The vulnerability is a Stored Cross-Site Scripting (XSS) via the rprogress shortcode in versions up to and including 1.0, caused by insufficient input sanitization and output escaping of user-supplied attributes. An attacker with con...

CVE-2025-11883 Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2025-11883 Responsive Progress Bar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

EUVD-2025-35317

The Responsive Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rprogress shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

CVE-2025-11870

CVE-2025-11870: The Simple Business Data WordPress plugin (simple-business-data) is vulnerable to stored XSS in all versions up to 1.0.1 via the simple_business_data shortcode attributes, where unsanitized input is embedded into the class attribute of rendered HTML. Exploitation requires contribu...

CVE-2025-11817

CVE-2025-11817 affects the WordPress plugin Simple Tableau Viz (versions ≤ 2.0). The root cause is insufficient input sanitization and output escaping on the tableau shortcode, enabling stored cross-site scripting. The issue is exploitable by authenticated users with contributor-level access or h...

CVE-2025-11817 Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableau' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

EUVD-2025-35332

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

EUVD-2025-35328

The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableau' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11817 Simple Tableau Viz <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Tableau Viz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableau' shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11819 WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11819 WP-Thumbnail <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11867

CVE-2025-11867 corresponds to Bg Book Publisher for WordPress. The WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the post meta field book_author, which is rendered through the [book_author] shortcode. Affected versions are all versions up to and including 1.25. The vul...

CVE-2025-11819

CVE-2025-11819 affects the WordPress plugin WP-Thumbnail (versions