CVE-2024-10818

The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-6718

The CVE-2024-6718 entry concerns the PVN Auth Popup WordPress plugin (versions

CVE-2024-6718 PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode

The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-5440

Affected software: WordPress plugin If-So Dynamic Content Personalization, versions prior to 1.8.0.3. Vulnerability: The plugin does not validate and escape certain shortcode attributes before outputting them on the page/post where the shortcode is embedded, enabling Stored XSS if exploited. Impa...

CVE-2024-5440 If-So Dynamic Content Personalization < 1.8.0.3 - Contributor+ Shortcode Stored XSS

The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2024-12722

CVE-2024-12722 affects the WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode, alleging Stored Cross-Site Scripting via shortcode attributes in versions

CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-12722 Twitter Bootstrap Collapse aka Accordian Shortcode <= 1.0 - Stored XSS via Shortcode

The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-11502

The CVE concerns the Planning Center Online Giving WordPress plugin (versions 1.0.0 and earlier). The vulnerability is due to unvalidated and unescaped shortcode attributes being echoed in pages/posts, enabling Stored XSS for users with the contributor role and above. Impact is described as store...

CVE-2024-11502 Planning Center Online Giving <= 1.0.0 - Contributor+ XSS via Shortcode

The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...

CVE-2024-10818

CVE-2024-10818 affects the WordPress JSFiddle Shortcode plugin prior to version 1.1.3. The vulnerability arises because the plugin does not validate and escape some shortcode attributes before echoing them in pages/posts, enabling Stored XSS when a user with Contributor role or higher renders a s...

CVE-2024-10818 JSFiddle Shortcode < 1.1.3 - Contributor+ XSS via Shortcode

The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10818 JSFiddle Shortcode < 1.1.3 - Contributor+ XSS via Shortcode

The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...

CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...

CVE-2024-13914

Summary: CVE-2024-13914 affects the WordPress plugins File Manager Advanced Shortcode (versions up to 2.5.4) and advanced-file-manager-pro-premium (2.5.6). It is a Local File Inclusion vulnerability exploitable via the file_manager_advanced shortcode, enabling authenticated administrators (and hi...

CVE-2025-4126

CVE-2025-4126 affects the WordPress EG-Series plugin (versions up to and including 2.1.1). Affected component is the shortcode_title handling in the [series] shortcode, where insufficient input sanitization and output escaping allows authenticated attackers (contributor level+) on sites with Clas...

WordPress plugin PVN Auth Popup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin JSFiddle Shortcode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin File Manager Advanced Shortcode 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...