CVE-2024-13573

The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfmrfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13573

The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfmrfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13501

The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13464

The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVE-2024-13573

CVE-2024-13573 relates to the WordPress plugin Zigaform – Form Builder Lite . Connected docs confirm a Stored Cross-Site Scripting (XSS) in this plugin, affecting versions up to at least 7.4.7 (according to PatchStack) and tied to the plugin's vulnerable shortcode handling. The issue stems from i...

PT-2025-6578 · WordPress · Simplebooklet Pdf Viewer/Embedder

Name of the Vulnerable Software and Affected Versions: Simplebooklet PDF Viewer and Embedder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode due to insufficient input sanitization...

PT-2025-6575 · WordPress · Simple Charts

Name of the Vulnerable Software and Affected Versions: Simple Charts plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the simple chart shortcode. This allows authenticated...

PT-2025-6555 · WordPress · Wp-Formassembly

Name of the Vulnerable Software and Affected Versions: WP-FormAssembly plugin for WordPress versions up to, and including, 2.0.11 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode due to insufficient input sanitization and output escaping o...

PT-2025-6572 · WordPress · Cats Job Listings

Name of the Vulnerable Software and Affected Versions: CATS Job Listings plugin for WordPress versions up to and including 2.0.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode due to insufficient input sanitization and output escaping on...

PT-2025-6577 · WordPress · Zigaform – Price Calculator & Cost Estimation Form Builder

Name of the Vulnerable Software and Affected Versions: Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress versions up to, and including, 7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zgfm fvar' shortcode due to...

WordPress Uncode Core plugin <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution in uncodegetmedias vulnerability discovered by mikemyers in WordPress Plugin Uncode Core versions = 2.9.1.6...

WordPress PressMart theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme PressMart versions = 1.2.16...

WordPress WP-FormAssembly plugin <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by yudha in WordPress Plugin WP-FormAssembly versions = 2.0.11...

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13345

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

PT-2025-6560 · WordPress · Customer Email Verification For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Email Verification for WooCommerce plugin for WordPress versions up to, and including, 2.9.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including emails an...

PT-2025-6567 · WordPress · Front End Users

Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.30 Description: The issue is related to Stored Cross-Site Scripting via the plugin's forgot-password shortcode due to insufficient input sanitization and output escaping ...

CVE-2025-24564

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...

CVE-2025-24564

CVE-2025-24564 corresponds to a WordPress plugin vulnerability: WordPress plugin “Contact Form With Shortcode” (versions up to 4.2.5) suffers a Reflected XSS due to improper input neutralization during page generation. The issue is tracked across multiple feeds (Red Hat, NVD, CVE List) with the s...