8980 matches found
CVE-2025-1437
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Advanced Woo Search 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Advanced Woo Search plugin <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via awssearchterms Shortcode vulnerability discovered by yudha in WordPress Plugin Advanced Woo Search versions = 3.28...
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin 4.11.13-5.25.08 - CSRF to RCE vulnerability
CSRF to RCE vulnerability discovered by luckybuddy in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions 4.11.13-5.25.08...
WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress DesignThemes Core Features plugin <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin DesignThemes Core Features versions = 4.8...
CVE-2025-30541 WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in OTWthemes Info Boxes Shortcode and Widget allows Cross Site Request Forgery. This issue affects Info Boxes Shortcode and Widget: from n/a through 1.15...
CVE-2025-30541
CVE-2025-30541 is a CSRF vulnerability in the WordPress plugin “Info Boxes Shortcode and Widget.” Affected versions are up to 1.15 (from n/a through 1.15). The CVSS 3.1 base metrics indicate an overall MEDIUM impact (4.3), requiring user interaction with networked access and low attack complexity...
CVE-2025-30541 WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in OTWthemes Info Boxes Shortcode and Widget info-boxes-shortcode-and-widget allows Cross Site Request Forgery.This issue affects Info Boxes Shortcode and Widget: from n/a through = 1.15...
WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Info Boxes Shortcode and Widget versions = 1.15...
WordPress plugin Info Boxes Shortcode and Widget 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Info Boxes...
CVE-2025-2262
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...
VulnCheck KEV: CVE-2024-3808
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
WordPress s2Member Pro plugin <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion to Remote Code Execution via Shortcode vulnerability discovered by István Márton in WordPress Plugin s2Member Pro versions = 250214...
CVE-2025-2262
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...
CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...
CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...
CVE-2025-2262
CVE-2025-2262 – WordPress Logo Slider (GS-Logo-Slider) vulnerability : Affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation for WordPress, versions up to and including 3.7.3. The flaw arises from executing an action without proper validation before running...
WordPress plugin Logo Slider 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Logo Slider plugin <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin GS Logo Slider versions = 3.7.3...