CVE-2025-1064 Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xooelaction shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2024-13582

The Simple Pricing Tables For WPBakery Page BuilderFormerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdosimplepricingtablefree' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping...

WordPress plugin Content Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Modal Window 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-7393 · WordPress · Bandsintown Events

Name of the Vulnerable Software and Affected Versions: Bandsintown Events plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'bandsintown events' shortcode due to insufficient input sanitization and output...

WordPress plugin Embed Any Document 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-7475 · WordPress · Modal Window

Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...

WordPress WooCommerce Food - Restaurant Menu & Food ordering plugin <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids vulnerability

WordPress WooCommerce Food - Restaurant Menu & Food ordering plugin = 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids vulnerability discovered by Lucio Sá in WordPress Plugin WooCommerce Food - Restaurant Menu & Food ordering versions = 3.3.2...

WordPress Prime Addons for Elementor plugin <= 2.0.1 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode vulnerability

Authenticated Contributor+ Insecure Direct Object Reference via paeglobalblock Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Prime Addons for Elementor versions = 2.0.1...

WordPress Modal Window plugin <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via iframeBox Shortcode vulnerability discovered by Bassem Essam in WordPress Plugin Modal Window versions = 6.1.5...

CVE-2024-13854

The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naeduelementortemplate shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, wit...

CVE-2024-13679

The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13591

The Team Builder For WPBakery Page BuilderFormerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-13591

The Team Builder For WPBakery Page BuilderFormerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied...

WordPress Easypromos Plugin plugin <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Easypromos versions = 1.3.8...

CVE-2024-13443

The CVE-2024-13443 entry concerns the Easypromos Plugin for WordPress. It is a Stored XSS vulnerability in the plugin’s Easypromos shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. The issue affects all versions up to and including 1.3.8, and requir...

PT-2025-7324 · WordPress · Ultraembed – Advanced Iframe Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included versions up to, and including, 1.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode due to insufficient...

PT-2025-7374 · WordPress · Store Locator Widget

Name of the Vulnerable Software and Affected Versions: Store Locator Widget plugin for WordPress versions up to, and including, 20200131 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode due to insufficient input sanitization and outp...

PT-2025-7348 · WordPress · Adfo

Name of the Vulnerable Software and Affected Versions: ADFO – Custom data in admin dashboard plugin for WordPress versions up to, and including, 1.9.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'adfo list' shortcode due to insufficient input sanitization and...

PT-2025-7380 · WordPress · Widget Buy.Box

Name of the Vulnerable Software and Affected Versions: Widget BUY.BOX plugin for WordPress versions up to, and including, 3.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode due to insufficient input sanitization and output escaping on...