
8980 matches found

Cvelist
added 2025/09/11 7:24 a.m., 11 views

CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.0028
Exploits: 0 | References: 4

Vulnrichment
added 2025/09/11 7:24 a.m., 1 views

CVE-2025-8686 WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 4.7 | EPSS 0.0028
Exploits: 0 | References: 4

CVE
added 2025/09/11 7:24 a.m., 22 views

CVE-2025-8686

CVE-2025-8686 details from the provided documents: The WordPress plugin WP Easy FAQs (WP Easy FAQs) is vulnerable to Stored Cross-Site Scripting (Stored XSS) via the WP_EASY_FAQ shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. The flaw affects all ...

CVSS 6.4 | AI score 4.7 | EPSS 0.0028
Exploits: 0 | References: 4

CVE
added 2025/09/11 7:24 a.m., 19 views

CVE-2025-8721

CVE-2025-8721 affects the WordPress plugin Workable API (wrapper-for-workable-api) up to version 1.0.4. The vulnerability is a Stored Cross-Site Scripting via the workable_jobs shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Public sources (Wor...

CVSS 6.4 | AI score 4.7 | EPSS 0.00271
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/11 7:24 a.m., 3 views

CVE-2025-8721 Workable API <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via workable_jobs Shortcode

The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's workable_jobs shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 4.7 | EPSS 0.00271
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/11 5:14 a.m., 12 views

CVE-2025-9489

The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 5 | AI score 6.5 | EPSS 0.00266
Exploits: 0 | References: 1

CNNVD
added 2025/09/11 12:0 a.m., 2 views

WordPress plugin Evenium Cross-Site Scripting Vulnerability

The Evenium plugin is an event management tool for the WordPress platform for creating and integrating Evenium meeting management features. Evenium plugin version 1.3.11 and prior versions suffer from a stored XSS vulnerability that stems from insufficient filtering of shortcode user input...

CVSS 6.4 | AI score 6.6 | EPSS 0.0018
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/11 12:0 a.m., 4 views

PT-2025-37155

The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'evenium single event' shortcode in all versions up to, and including, 1.3.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5 | EPSS 0.0018
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/11 12:0 a.m., 4 views

PT-2025-37157

The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 5 | EPSS 0.0018
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/11 12:0 a.m., 4 views

PT-2025-37139

The Workable Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's workable_jobs shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5 | EPSS 0.00271
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/11 12:0 a.m., 3 views

PT-2025-37156

The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bibliplug authors' shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 5 | EPSS 0.0018
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/11 12:0 a.m., 5 views

PT-2025-37135

The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5 | EPSS 0.0028
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/11 12:0 a.m., 5 views

PT-2025-37159

Name of the Vulnerable Software and Affected Versions: The Ultimate Classified Listings plugin for WordPress versions up to and including 1.6 Description: The Ultimate Classified Listings plugin for WordPress is susceptible to Local File Inclusion via the uclwp dashboard shortcode. Authenticated...

CVSS 7.5 | AI score 6.8 | EPSS 0.00545
Exploits: 0 | References: 4

Positive Technologies
added 2025/09/11 12:0 a.m., 5 views

PT-2025-37126

The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5 | EPSS 0.00216
Exploits: 0 | References: 4

VulnCheck KEV
added 2025/09/11 12:0 a.m., 3 views

VulnCheck KEV: CVE-2024-11740

The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 7.3 | AI score 6.2 | EPSS 0.01888
In wild | Exploits: 0 | References: 2

NVD
added 2025/09/10 7:15 a.m., 5 views

CVE-2025-7826

The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5 | EPSS 0.00258
Exploits: 0 | References: 2

NVD
added 2025/09/10 7:15 a.m., 3 views

CVE-2025-10126

The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00216
Exploits: 0 | References: 3

Cvelist
added 2025/09/10 6:38 a.m., 7 views

CVE-2025-9857 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4 | EPSS 0.00216
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/10 6:38 a.m., 3 views

CVE-2025-9857 Heateor Login – Social Login Plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Heateor Login – Social Login Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HeateorFacebookLogin' shortcode in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This make...

CVSS 6.4 | AI score 4.6 | EPSS 0.00216
Exploits: 0 | References: 3

CVE
added 2025/09/10 6:38 a.m., 19 views

CVE-2025-10126

CVE-2025-10126 affects the WordPress MyBrain Utilities plugin (mbumap shortcode) up to version 1.0.8. Root cause: insufficient input sanitization and output escaping on user-supplied shortcode attributes, enabling Stored Cross-Site Scripting. Impact: authenticated attackers with Contributor+ privi...

CVSS 6.4 | AI score 4.7 | EPSS 0.00216
Exploits: 0 | References: 3