8978 matches found
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10136
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10136 TweetThis Shortcode <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10136
CVE-2025-10136 concerns the WordPress plugin TweetThis Shortcode. The TweetThis Shortcode plugin is vulnerable to Stored Cross-Site Scripting via its tweetthis shortcode in all versions up to and including 1.8.0 due to insufficient input sanitization and output escaping on user-supplied attribute...
CVE-2025-10180
CVE-2025-10180 affects the Markdown Shortcode WordPress plugin. Vulnerable component: the Markdown Shortcode (markdown-shortcode) in versions up to and including 0.2.1. Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the markdown shortcode, enabling ...
CVE-2025-10180 Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10136 TweetThis Shortcode <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10180 Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-8906
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress TweetThis Shortcode plugin <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TweetThis Shortcode versions = 1.8.0...
WordPress Markdown Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Markdown Shortcode versions = 0.2.1...
PT-2025-39480
Name of the Vulnerable Software and Affected Versions Widgets for Tiktok Feed plugin for WordPress versions up to and including 1.7.3 Description The Widgets for Tiktok Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'trustindex-feed' shortcode. This is due to...
PT-2025-39514
Name of the Vulnerable Software and Affected Versions TweetThis Shortcode plugin for WordPress versions prior to 1.8.1 Description The TweetThis Shortcode plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'tweetthis' shortcode. Insufficient input sanitization and outp...
PT-2025-39516
Name of the Vulnerable Software and Affected Versions Markdown Shortcode plugin for WordPress versions prior to 0.2.2 Description The Markdown Shortcode plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'markdown' shortcode. Insufficient input sanitization and output...
WordPress plugin TweetThis Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripti...
WordPress plugin Markdown Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...
CVE-2025-8902
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-58683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke Mlsna Last Updated Shortcode last-updated-shortcode allows Stored XSS.This issue affects Last Updated Shortcode: from n/a through = 1.0.1...