8978 matches found
CVE-2025-10125 Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugins's 'row' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-10125
The CVE-2025-10125 issue affects the WordPress plugin Memberlite Shortcodes (versions prior to or up to 1.4). The vulnerability is a Stored Cross‑Site Scripting flaw in the grid/“row” shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: auth...
CVE-2025-9851
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10166
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8394
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10143
The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catchdarkmode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on t...
CVE-2025-9851
CVE-2025-9851 affects the WordPress Appointmind plugin. The vulnerability is a Stored Cross‑Site Scripting via the appointmind_calendar shortcode in all versions up to 4.1.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...
CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9851 Appointmind <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmindcalendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8394 Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10166 Social Media Shortcodes <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twitter' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10166
CVE-2025-10166 describes a Stored Cross-Site Scripting flaw in the WordPress plugin Social Media Shortcodes (versions up to and including 1.3.1). The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes of the plugin’s twitter shortcode, enabli...
PT-2025-38097
Name of the Vulnerable Software and Affected Versions: Catch Dark Mode plugin for WordPress versions up to and including 2.0 Description: The Catch Dark Mode plugin for WordPress is susceptible to a Local File Inclusion issue via the catch dark mode shortcode. This allows authenticated attackers...
PT-2025-38124
Name of the Vulnerable Software and Affected Versions: Blocksy Companion plugin for WordPress versions up to and including 2.1.10 Description: The Blocksy Companion plugin for WordPress is susceptible to Stored Cross-Site Scripting through the blocksy newsletter subscribe shortcode. Insufficient...
WordPress plugin Catch Dark Mode 安全漏洞
WordPress Catch Dark Mode plugin is an official plugin for enabling dark mode in WordPress websites, offering a wide range of customization options and pre-built theme solutions. The WordPress Catch Dark Mode plugin suffers from a file inclusion vulnerability that stems from a local file inclusio...
PT-2025-38111
Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions prior to 1.5 Description: The Memberlite Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'row' shortcode. Insufficient input sanitization and output...
PT-2025-38098
Name of the Vulnerable Software and Affected Versions: Social Media Shortcodes plugin for WordPress versions up to and including 1.3.1 Description: The Social Media Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s twitter shortcode. Insufficient...
PT-2025-38103
Name of the Vulnerable Software and Affected Versions: Appointmind plugin for WordPress versions up to and including 4.1.0 Description: The Appointmind plugin for WordPress is susceptible to Stored Cross-Site Scripting through the appointmind calendar shortcode. Insufficient input sanitization an...
PT-2025-38101
Name of the Vulnerable Software and Affected Versions: Productive Style plugin for WordPress versions up to and including 1.1.23 Description: The Productive Style plugin for WordPress is susceptible to Stored Cross-Site Scripting through the display productive breadcrumb shortcode. Insufficient...