CVE-2025-10130 Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Layers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'webcam' shortcode in all versions up to, and including, 0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-10179 My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The My AskAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'myaskai' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
PT-2025-39929
Name of the Vulnerable Software and Affected Versions: Eulerpool Research Systems plugin for WordPress versions through 4.0.1. Description: The software contains a flaw due to inadequate input sanitization and output escaping on user-supplied attributes within the 'aaq' shortcode. This allows...
PT-2025-39948
Name of the Vulnerable Software and Affected Versions: Yoga Schedule Momoyoga plugin for WordPress versions prior to 2.9.1. Description: The Yoga Schedule Momoyoga plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'momoyoga-schedule' shortcode. Insufficient input...
WordPress plugin Eulerpool Research Systems security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...
PT-2025-39955
Name of the Vulnerable Software and Affected Versions: LatePoint – Calendar Booking Plugin for Appointments and Events versions through 5.1.94. Description: The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is...
PT-2025-39935
Name of the Vulnerable Software and Affected Versions: BP Direct Menus plugin for WordPress versions prior to 1.0.1. Description: The BP Direct Menus plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'bpdm login' shortcode. Insufficient input sanitization and output...
PT-2025-39931
Name of the Vulnerable Software and Affected Versions: All Social Share Options plugin for WordPress versions prior to 1.1. Description: The All Social Share Options plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s ‘sc’ shortcode. Insufficient input sanitizatio...
PT-2025-39934
Name of the Vulnerable Software and Affected Versions: dbview plugin for WordPress versions prior to 0.5.6. Description: The dbview plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'dbview' shortcode. Insufficient input sanitization and output escaping on user-supplied...
PT-2025-39933
Name of the Vulnerable Software and Affected Versions: My AskAI plugin for WordPress versions prior to 1.0.1. Description: The My AskAI plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'myaskai' shortcode. This is caused by inadequate input sanitization and output...
PT-2025-39936
Name of the Vulnerable Software and Affected Versions: The Big Post Shipping for WooCommerce plugin versions prior to 2.1.2. Description: The software is susceptible to Stored Cross-Site Scripting through the 'wooboigpost shipping status' shortcode. Insufficient input sanitization and output escapin...
PT-2025-39930
Name of the Vulnerable Software and Affected Versions: Layers plugin for WordPress versions prior to 0.6. Description: The Layers plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'webcam' shortcode. This is due to inadequate input sanitization and output escaping of...
PT-2025-39937
Name of the Vulnerable Software and Affected Versions: Survey Anyplace plugin for WordPress versions prior to 1.0.1. Description: The software contains a Stored Cross-Site Scripting issue stemming from insufficient input sanitization and output escaping on user-supplied attributes within the...
CVE-2025-10136
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Links shortcode versions <= 1.8.3...
CVE-2025-8906
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Najib Sinjari in WordPress Plugin Everest Forms versions <= 3.4.1...