8980 matches found
CVE-2025-10126 MyBrain Utilities <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The MyBrain Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mbumap' shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-7826
CVE-2025-7826 affects the WordPress Indianic Testimonial plugin (Testimonial) via SQL Injection in the iNICtestimonial shortcode. Vulnerable up to and including version 2.3 due to insufficient escaping and lack of query preparation, enabling authenticated attackers with Contributor+ privileges to...
WordPress plugin MyBrain Utilities cross-site scripting vulnerability
WordPress MyBrain Utilities plugin is a plugin for enhancing the functionality of your website, mainly for optimizing the performance and user experience. A cross-site scripting vulnerability exists in the WordPress MyBrain Utilities plugin that stems from insufficient input cleanup and output...
WordPress plugin Testimonial SQL injection vulnerability
WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...
WordPress plugin Heateor Login cross-site scripting vulnerability
WordPress Heateor Login plugin is a social login plugin for WordPress, which supports users to realize one-click login and registration function through 23 social networks such as Facebook, Twitter, LinkedIn, Google and so on. A cross-site scripting vulnerability exists in the WordPress Heateor...
PT-2025-37008
Name of the Vulnerable Software and Affected Versions: MyBrain Utilities plugin for WordPress versions up to and including 1.0.8 Description: The MyBrain Utilities plugin for WordPress is susceptible to Stored Cross-Site Scripting through the mbumap shortcode due to inadequate input sanitization...
CVE-2025-32688
CVE-2025-32688 targets the Sovica/Target Video Easy Publish WordPress plugin. Versions up to 3.8.8 are affected by a Missing Authorization vulnerability (privilege escalation) as described in the CVE entry. Public details across connected docs confirm affected product (Target Video Easy Publish),...
CVE-2025-32688 WordPress Target Video Easy Publish plugin <= 3.8.9 - Arbitrary Code Execution vulnerability
Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish. This issue affects Target Video Easy Publish: from n/a through <= 3.8.9...
CVE-2025-9058
The Mikado Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...
CVE-2025-9489
The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...
CVE-2025-9489 WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names
The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...
PT-2025-36571
Name of the Vulnerable Software and Affected Versions: The WP-Members Membership Plugin versions prior to 3.5.4.3 Description: The WP-Members Membership Plugin is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate a value before running do...
PT-2025-36573
Name of the Vulnerable Software and Affected Versions: Wilmer Core plugin for WordPress versions up to and including 2.4.5 Description: The Wilmer Core plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcodes due to inadequate input sanitization and output escaping of...
CVE-2025-9853
The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-7366
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...
CVE-2025-58876
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS. This issue affects Aparat Video Shortcode: from n/a through = 0.2.4...
CVE-2025-58880
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reubenthiessen Translate This gTranslate Shortcode translate-this-google-translate-web-element-shortcode allows Stored XSS. This issue affects Translate This gTranslate Shortcode: from n/a through =...
CVE-2025-9519
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...