CVE-2025-8905
The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...
CVE-2025-7650
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-7507
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-8905
CVE-2025-8905 concerns the WordPress plugin Inpersttion For Theme (versions up to 1.0). The vulnerability allows an authenticated attacker with Contributor-level access or higher to execute arbitrary server-side functions via the theme_section_shortcode() function, resulting in Remote Code Execut...
CVE-2025-8905 Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call
The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with...
CVE-2025-7662 Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection
The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-7507 elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-7650
The CVE-2025-7650 entry concerns the BizCalendar Web WordPress plugin (versions up to 1.1.0.50) and describes an Authenticated (Contributor+) Local File Inclusion via the bizcalv shortcode. The underlying risk is that an authenticated attacker with Contributor-level access can include and execute...
CVE-2025-7650 BizCalendar Web <= 1.1.0.53 - Authenticated (Contributor+) Local File Inclusion
The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2025-8604
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-8604
CVE-2025-8604 – WP Table Builder vulnerability: Stored Cross-Site Scripting via the wptb shortcode in WordPress Table Plugin versions up to and including 2.0.12, caused by insufficient input sanitization and output escaping on user-supplied attributes. The issue affects authenticated users with c...
CVE-2025-8604 WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
PT-2025-33458 · WordPress · Elink – Embed Content
Name of the Vulnerable Software and Affected Versions: elink – Embed Content plugin for WordPress versions up to and including 1.1.0 Description: The elink – Embed Content plugin for WordPress is susceptible to malicious redirection due to insufficient restriction of URLs supplied through the eli...
WordPress Inline Stock Quotes plugin cross-site scripting vulnerability
WordPress Inline Stock Quotes plugin is a WordPress plugin that allows users to dynamically insert stock quote information into a post or page via the stock shortcode, supporting real-time updates of stock quotes and dynamic data. WordPress Inline Stock Quotes plugin suffers from a cross-site...
PT-2025-33467 · WordPress · Inpersttion For Theme
Name of the Vulnerable Software and Affected Versions: Inpersttion For Theme plugin for WordPress versions prior to 1.0 Description: The Inpersttion For Theme plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 1.0 via the theme section shortcode function...
PT-2025-33460 · WordPress · Bizcalendar Web
Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51 Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and...
CVE-2025-54746
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through = 1.0.02...