8980 matches found
CVE-2025-8902
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-58683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke Mlsna Last Updated Shortcode last-updated-shortcode allows Stored XSS.This issue affects Last Updated Shortcode: from n/a through = 1.0.1...
CVE-2025-58021
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in douglaskarr List Child Pages Shortcode list-child-pages-shortcode allows Stored XSS.This issue affects List Child Pages Shortcode: from n/a through = 1.3.1...
CVE-2025-58022
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxpagels ShortCode shortcode allows Stored XSS.This issue affects ShortCode: from n/a through = 0.8.1...
CVE-2025-58653
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JS Morisset JSM filegetcontents Shortcode wp-file-get-contents allows Stored XSS.This issue affects JSM filegetcontents Shortcode: from n/a through = 2.7.1...
CVE-2025-57989
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
CVE-2025-8902
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8902 Widget Options - Extended <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dosidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8902
CVE-2025-8902 refers to the WordPress plugin Widget Options - Extended . The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the plugin’s shortcodes (specifically the do_sidebar shortcode) across versions up to and including 5.2.1, caused by insufficient input sanitization and output...
CVE-2025-58683
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Luke Mlsna Last Updated Shortcode last-updated-shortcode allows Stored XSS.This issue affects Last Updated Shortcode: from n/a through = 1.0.1...
CVE-2025-58653
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JS Morisset JSM filegetcontents Shortcode wp-file-get-contents allows Stored XSS.This issue affects JSM filegetcontents Shortcode: from n/a through = 2.7.1...
CVE-2025-58021
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in douglaskarr List Child Pages Shortcode list-child-pages-shortcode allows Stored XSS.This issue affects List Child Pages Shortcode: from n/a through = 1.3.1...
CVE-2025-58022
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxpagels ShortCode shortcode allows Stored XSS.This issue affects ShortCode: from n/a through = 0.8.1...
CVE-2025-57989
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin WordPress Widgets Shortcode versions = 1.0.3...
WordPress List Child Pages Shortcode Plugin <= 1.3.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin List Child Pages Shortcode versions = 1.3.1...
WordPress ShortCode Plugin <= 0.8.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin ShortCode versions = 0.8.1...
WordPress Last Updated Shortcode Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin Last Updated Shortcode versions = 1.0.1...
CVE-2025-57989 WordPress WordPress Widgets Shortcode Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brajesh Singh WordPress Widgets Shortcode wp-widgets-shortcode allows Stored XSS.This issue affects WordPress Widgets Shortcode: from n/a through = 1.0.3...
CVE-2025-57989
CVE-2025-57989 is an Stored XSS in WordPress Widgets Shortcode (Authenticated) affecting WordPress Widgets Shortcode