Lucene search

8980 matches found

Cvelist
added 2025/09/06 4:22 a.m. | 9 views

CVE-2025-6757 Recent Posts Widget Extended <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode

The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00223
Exploits: 0 | References: 4

Vulnrichment
added 2025/09/06 4:22 a.m. | 3 views

CVE-2025-6757 Recent Posts Widget Extended <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode

The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.7 | EPSS 0.00223
Exploits: 0 | References: 4

CVE
added 2025/09/06 2:24 a.m. | 22 views

CVE-2025-9853

Optio Dentistry for WordPress is vulnerable to a Stored Cross-Site Scripting (stored XSS) via the optio-lightbox shortcode in all versions up to 2.2. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contributo...

CVSS 6.4 | AI score 4.7 | EPSS 0.00216
Exploits: 0 | References: 3

OSV
added 2025/09/06 2:15 a.m. | 1 views

CVE-2025-9849

The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.3 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 4

NVD
added 2025/09/06 2:15 a.m. | 24 views

CVE-2025-7366

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...

CVSS 7.3 | EPSS 0.00336
Exploits: 0 | References: 2

Cvelist
added 2025/09/06 1:45 a.m. | 9 views

CVE-2025-9849 Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00223
Exploits: 0 | References: 4

Vulnrichment
added 2025/09/06 1:45 a.m. | 2 views

CVE-2025-9849 Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 4.7 | EPSS 0.00223
Exploits: 0 | References: 4

CVE
added 2025/09/06 1:45 a.m. | 19 views

CVE-2025-7366

The CVE-2025-7366 entry concerns the REHub - Price Comparison, Multi Vendor Marketplace WordPress Theme. According to multiple sources in the connected documents, versions up to and including 19.9.7 are affected by an unauthenticated arbitrary shortcode execution flaw triggered via re_filterpost,...

CVSS 7.3 | AI score 6.2 | EPSS 0.00336
Exploits: 0 | References: 2

Cvelist
added 2025/09/06 1:45 a.m. | 24 views

CVE-2025-7366 Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...

CVSS 7.3 | EPSS 0.00336
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/06 1:45 a.m. | 3 views

CVE-2025-7366 Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...

CVSS 7.3 | AI score 6.2 | EPSS 0.00336
Exploits: 0 | References: 2

CNNVD
added 2025/09/06 12:0 a.m. | 3 views

WordPress plugin REHub code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 7.3 | AI score 8 | EPSS 0.00336
Exploits: 0 | References: 3

CNNVD
added 2025/09/06 12:0 a.m. | 3 views

WordPress plugin Html Social share buttons cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 | AI score 5.7 | EPSS 0.00223
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/06 12:0 a.m. | 4 views

PT-2025-36353

Name of the Vulnerable Software and Affected Versions: Html Social share buttons plugin for WordPress versions prior to 2.1.17 Description: The Html Social share buttons plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s zm sh btn shortcode. Insufficient input...

CVSS 5.3 | AI score 5.1 | EPSS 0.00223
Exploits: 0 | References: 9

Positive Technologies
added 2025/09/06 12:0 a.m. | 4 views

PT-2025-36347

Name of the Vulnerable Software and Affected Versions: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to arbitrary shortcode execution...

CVSS 7.3 | AI score 6.8 | EPSS 0.00336
Exploits: 0 | References: 8

Patchstack
added 2025/09/05 11:50 p.m. | 7 views

WordPress Rehub theme <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability

Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability discovered by stealthcopter in WordPress Theme Rehub versions <= 19.9.7...

CVSS 7.3 | AI score 7.1 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/09/05 6:23 p.m. | 22 views

CVE-2025-9057

The CVE-2025-9057 entry concerns Biagiotti Core for WordPress, vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to 2.1.3 due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with Contributor+ permissions, who ...

CVSS 6.4 | AI score 4.7 | EPSS 0.0018
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/05 3:22 p.m. | 6 views

CVE-2025-58609

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Stored XSS. This issue affects Latest Post Shortcode: from n/a through <= 14.0.3...

CVSS 6.5 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1

NVD
added 2025/09/05 2:16 p.m. | 20 views

CVE-2025-58880

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in reubenthiessen Translate This gTranslate Shortcode translate-this-google-translate-web-element-shortcode allows Stored XSS. This issue affects Translate This gTranslate Shortcode: from n/a through <=...

CVSS 6.5 | EPSS 0.00154
Exploits: 0 | References: 1

NVD
added 2025/09/05 2:16 p.m. | 15 views

CVE-2025-58876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS. This issue affects Aparat Video Shortcode: from n/a through <= 0.2.4...

CVSS 6.5 | EPSS 0.00154
Exploits: 0 | References: 1

CVE
added 2025/09/05 1:45 p.m. | 13 views

CVE-2025-58880

CVE-2025-58880 affects the WordPress plugin Translate This gTranslate Shortcode (versions up to 1.0). The vulnerability is a Stored Cross-Site Scripting (XSS) arising from improper input neutralization during web page generation. The CVE entry notes a MODERATE risk (CVSS v3.1 base score 6.5) wit...

CVSS 6.5 | AI score 5.9 | EPSS 0.00154
Exploits: 0 | References: 1