WordPress plugin BeerXML Shortcode 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-17817 · Unknown · Beerxml Shortcode

Name of the Vulnerable Software and Affected Versions: BeerXML Shortcode versions 0.71 and earlier Description: A Server-Side Request Forgery SSRF issue affects the software, allowing for Server Side Request Forgery. This issue can be exploited by making the server send requests to unintended...

PT-2025-17839 · Unknown · Gna Search Shortcode

Name of the Vulnerable Software and Affected Versions: GNA Search Shortcode versions 0.9.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

CVE-2025-3457

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwpicon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-3472

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-3472 Ocean Extra <= 2.4.6 - Unauthenticated Arbitrary Shortcode Execution

The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-3472

The CVE-2025-3472 entry concerns the Ocean Extra WordPress plugin (versions up to and including 2.4.6). The vulnerability arises from inadequate validation in handling shortcodes via do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is installed and...

CVE-2025-3457

The CVE-2025-3457 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Ocean Extra plugin (versions up to and including 2.4.6) that is exploitable by authenticated attackers with contributor-level access and above via the oceanwp_icon shortcode. The issue arises from...

WordPress plugin Ocean Extra 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-17522

Name of the Vulnerable Software and Affected Versions The Ocean Extra plugin for WordPress versions up to, and including, 2.4.6 Description The issue is related to arbitrary shortcode execution. It occurs because the software does not properly validate a value before running do shortcode, allowin...

WordPress plugin Ocean Extra 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

CVE-2025-39432 WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in antonchanning bbPress2 shortcode whitelist bbpress2-shortcode-whitelist allows Stored XSS.This issue affects bbPress2 shortcode whitelist: from n/a through = 2.2.1...

CVE-2025-39432 WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in antonchanning bbPress2 shortcode whitelist allows Stored XSS. This issue affects bbPress2 shortcode whitelist: from n/a through 2.2.1...

CVE-2025-39432

CVE-2025-39432 is a CSRF-to-XSS vulnerability in the WordPress plugin “bbPress2 shortcode whitelist” (affected versions 2.2.1 and earlier). The issue enables stored XSS via improper input neutralization during web page generation. Public details confirm affected software and the vulnerability cla...

WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by johska Patchstack Alliance in WordPress Plugin bbPress2 shortcode whitelist versions = 2.2.1...

WordPress plugin bbPress2 shortcode whitelist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Event Espresso – Custom Email Template Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Event Espresso -...

PT-2025-16999 · Bbpress2 · Bbpress2

Name of the Vulnerable Software and Affected Versions: bbPress2 shortcode whitelist versions 2.2.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS attacks. This is due to a vulnerability in the bbPress2...

CVE-2025-3077

The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Betheme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...