CVE-2025-8105 Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-8105

CVE-2025-8105 relates to the Soledad WordPress theme (versions ≤ 8.6.7). The vulnerability allows unauthenticated attackers to trigger arbitrary shortcode execution via do_shortcode due to insufficient value validation. Multiple sources (Wordfence, NVD, patched advisories) confirm the issue and i...

CVE-2025-8719

The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘baselang’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-8719

CVE-2025-8719 documents a Stored Cross-Site Scripting vulnerability in Translate This gTranslate Shortcode for WordPress, affecting all versions up to 1.0. The issue is triggered via the base_lang parameter and requires authentication at Contributor level or higher to inject scripts that execute ...

CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649

CVE-2025-7649 affects the WordPress plugin Surbma | Recent Comments Shortcode. The vulnerability is a Stored Cross‑Site Scripting (XSS) via the plugin's recent-comments shortcode in all versions up to and including 2.0. An attacker with at least a contributor‑level account can inject arbitrary sc...

CVE-2025-7651

CVE-2025-7651 covers the Earnware Connect WordPress plugin. It is a Stored Cross-Site Scripting vulnerability in the ew_hasrole shortcode, affecting all versions up to 1.0.73 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticati...

CVE-2025-7651 Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ewhasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2025-7651 Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ewhasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

WordPress Soledad theme <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Theme Soledad versions = 8.6.7...

PT-2025-33529 · WordPress · Earnware Connect

Name of the Vulnerable Software and Affected Versions: Earnware Connect versions prior to 1.0.74 Description: The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew hasrole shortcode due to insufficient input sanitization and output escaping on...

WordPress plugin Surbma | Recent Comments Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

PT-2025-33528 · WordPress · Surbma | Recent Comments Shortcode

Name of the Vulnerable Software and Affected Versions: Surbma | Recent Comments Shortcode plugin for WordPress versions up to and including 2.0 Description: The Surbma | Recent Comments Shortcode plugin for WordPress is susceptible to Stored Cross-Site Scripting via the plugin's recent-comments...

WordPress plugin Earnware Connect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Translate This gTranslate Shortcode Cross Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-33543 · WordPress · Gtranslate +1

Name of the Vulnerable Software and Affected Versions: gTranslate versions prior to 1.0 Description: The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the base lang parameter due to insufficient input sanitization and output escaping. Th...

PT-2025-33590 · WordPress · Soledad Wordpress Theme

Name of the Vulnerable Software and Affected Versions: Soledad WordPress Theme versions prior to 8.6.8 Description: The Soledad theme for WordPress is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate a value before running do shortcode,...

PT-2025-33593 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress versions prior to 4.16.5 Description: The ProfilePress WordPress plugin is susceptible to arbitrary shortcode execution. The software does not properly validate a value before running do shortcode, allowing unauthenticated...

WordPress Surbma | Recent Comments Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Surbma | Recent Comments Shortcode versions = 2.0...