WordPress plugin Latest Post Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

PT-2025-35743

Name of the Vulnerable Software and Affected Versions: Latest Post Shortcode versions through 14.0.3 Description: The Latest Post Shortcode contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. Recommendations: Update...

CVE-2025-9500

The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-48313

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through = 2.2...

CVE-2025-9500

The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-9499

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-9500 TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter

The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-9500 TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter

The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcodedebug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

CVE-2025-9499

CVE-2025-9499 refers to a Stored Cross‑Site Scripting vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.9). The issue stems from insufficient input sanitization and output escaping in the oceanwp_library shortcode, enabling an authenticated attacker with contribu...

CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-9499 Ocean Extra <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwplibrary shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2025-35344

Name of the Vulnerable Software and Affected Versions: Ocean Extra plugin for WordPress versions through 2.4.9 Description: The Ocean Extra plugin for WordPress is susceptible to Stored Cross-Site Scripting via the oceanwp library shortcode due to insufficient input sanitization and output escapi...

PT-2025-35345

Name of the Vulnerable Software and Affected Versions: TablePress versions prior to 3.3 Description: The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting via the shortcode debug parameter due to insufficient input sanitization and output escaping. This allows...

Linux Distros Unpatched Vulnerability : CVE-2019-16219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.3 allows XSS in shortcode previews. CVE-2019-16219 Note that Nessus relies on the presence of the package as reported by the vendor...

CVE-2025-48313

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kevin heath Tripadvisor Shortcode tripadvisor-shortcode allows Stored XSS.This issue affects Tripadvisor Shortcode: from n/a through = 2.2...

CVE-2025-48313

CVE-2025-48313 affects the WordPress Tripadvisor Shortcode plugin (versions

CVE-2025-48313 WordPress Tripadvisor Shortcode plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kevin heath Tripadvisor Shortcode allows Stored XSS. This issue affects Tripadvisor Shortcode: from n/a through 2.2...

PT-2025-35002

Name of the Vulnerable Software and Affected Versions: Tripadvisor Shortcode versions through 2.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update Tripadvisor Shortcod...

WordPress plugin Tripadvisor Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Custom Query Shortcode plugin <= 0.4.0 - Authenticated (Contributor+) Path Traversal via lens Parameter vulnerability

Authenticated Contributor+ Path Traversal via lens Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Query Shortcode versions = 0.4.0...