CVE-2025-6061 kk Youtube Video <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin kk Youtube Video 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-4585

The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4584

The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2025-4585 IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode

The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4585

CVE-2025-4585 - The IRM Newsroom WordPress plugin (versions

CVE-2025-5534

The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-49250 WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in cmoreira Team Showcase team-showcase-cm allows Code Injection.This issue affects Team Showcase: from n/a through 25.05.13...

CVE-2025-49250 WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in cmoreira Team Showcase team-showcase-cm allows Code Injection.This issue affects Team Showcase: from n/a through 25.05.13...

CVE-2025-5534

The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-5534 ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-5534

CVE-2025-5534 affects the ESV Bible Shortcode for WordPress plugin. It permits Stored XSS via the esv shortcode in all versions up to and including 1.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication at contributor lev...

WordPress plugin ESV Bible Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...

PT-2025-24037 · WordPress · Esv Bible Shortcode

Name of the Vulnerable Software and Affected Versions: ESV Bible Shortcode plugin versions 1.0.2 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'esv' shortcode. This allows authenticated attackers with...

PT-2025-24042 · WordPress · Hide It

Name of the Vulnerable Software and Affected Versions: Hide It plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode due to insufficient input sanitization and output escaping on user-supplied...

WordPress ESV Bible Shortcode for WordPress plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin ESV Bible Shortcode for WordPress versions = 1.0.2...

CVE-2025-5539

The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emdmbmeta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2025-4670

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eddreceipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user...

CVE-2025-23791

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mikakaltoft Horizontal Line Shortcode horizontal-line-shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through = 1.0...

CVE-2025-24687

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lars Wallenborn Show/Hide Shortcode showhide-shortcode allows Stored XSS.This issue affects Show/Hide Shortcode: from n/a through = 1.0.0...