CVE-2024-13674

The Cosmic Blocks 40+ Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwpsocialshare' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-1407

The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteamskills shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13672

The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mcg' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied...

PT-2025-7377 · WordPress · The Mini Course Generator

Name of the Vulnerable Software and Affected Versions: The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress versions up to, and including, 1.0.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and outpu...

PT-2025-7515 · WordPress · Wp-Appbox

Name of the Vulnerable Software and Affected Versions: WP-Appbox plugin for WordPress versions up to, and including, 4.5.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's appbox shortcode due to insufficient input sanitization and output escaping on user-supplied...

PT-2025-7347 · WordPress · Tcbd Tooltip

Name of the Vulnerable Software and Affected Versions: TCBD Tooltip plugin for WordPress versions up to, and including, 1.0 Description: The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tcbdtooltip text shortcode due to insufficient input...

WordPress WP-Appbox plugin <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via appbox Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via appbox Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP-Appbox versions = 4.5.4...

WordPress Pie Calendar plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piecal Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via piecal Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Pie Calendar versions = 1.2.5...

WordPress Newpost Catch plugin <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via npc Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Newpost Catch versions = 1.3.19...

CVE-2024-13689

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13797

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13792

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

CVE-2024-13792

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

CVE-2024-13792 WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

CVE-2024-13792 WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

CVE-2024-13855 Prime Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode

The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the paeglobalblock shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-1064

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2025-1064

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2025-0897

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-0897 Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...