8962 matches found
EUVD-2025-35322
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11872
CVE-2025-11872 affects the Material Design Iconic Font Integration plugin for WordPress (versions
CVE-2025-11872 Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-11872 Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Material Design Iconic Font Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdiconic' shortcode in all versions up to, and including, 2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-11804 JB News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-11834 WP AD Gallery <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP AD Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'startindex' parameter of the ad-gallery shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Mixlr Shortcode plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Mixlr Shortcode versions = 1.0.1...
WordPress Print Button Shortcode plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Print Button Shortcode versions = 1.0.1...
WordPress plugin Simple Youtube Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site scripti...
WordPress plugin Print Button Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Shortcode Generator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-43206
Name of the Vulnerable Software and Affected Versions Shortcode Generator versions through 1.1 Description The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-site Scripting XSS. This means that malicious code can be injected...
WordPress plugin Mixlr Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
WordPress Simple Youtube Shortcode plugin <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Simple Youtube Shortcode versions = 1.1.3...
WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...
WordPress Quick Social Login plugin cross-site scripting vulnerability
WordPress Quick Social Login plugin is a plugin that allows users to quickly log in or sign up through social media accounts such as Facebook, Google, Twitter, LinkedIn, Slack and WordPress.com. The WordPress Quick Social Login plugin suffers from a cross-site scripting vulnerability that stems...
WordPress Shortcode Button plugin cross-site scripting vulnerability
WordPress Shortcode Button plugin is a plugin or function to quickly insert buttons through a short code, mainly used to simplify the process of adding buttons to a page or post, support for custom styles and parameter settings. WordPress Shortcode Button plugin has a cross-site scripting...
WordPress Digiseller plugin cross-site scripting vulnerability
WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...
CVE-2025-10006
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-34977
The Redirection for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's qsdate shortcode in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...