PT-2025-2211 · WordPress · Wp Google Street View

Name of the Vulnerable Software and Affected Versions: WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress version 1.1.3 and all versions prior to this. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode due ...

PT-2025-2221 · WordPress · Precious Metals Charts/Widgets

Name of the Vulnerable Software and Affected Versions: Precious Metals Charts and Widgets for WordPress plugin versions 1.2.8 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode due to insufficient input sanitization and output...

PT-2025-2227 · WordPress · Simple Downloads List

Name of the Vulnerable Software and Affected Versions: Simple Downloads List plugin for WordPress versions up to, and including, 1.4.2 Description: The issue concerns a SQL injection vulnerability via the category attribute of the neofix sdl shortcode. This vulnerability is due to insufficient...

PT-2025-5507 · Unknown · Lars Wallenborn Show/Hide Shortcode

Name of the Vulnerable Software and Affected Versions: Lars Wallenborn Show/Hide Shortcode versions 1.0.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that an attacker can...

WordPress plugin Show/Hide Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-5464 · Unknown · Machform Shortcode

Name of the Vulnerable Software and Affected Versions: MachForm Shortcode versions 1.4.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

WordPress plugin MachForm Shortcode 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-13593

The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...

PT-2025-2237 · WordPress · Listamester

Name of the Vulnerable Software and Affected Versions: Listamester plugin for WordPress versions up to and including 2.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode due to insufficient input sanitization and output escaping on...

PT-2025-2243 · WordPress · Form Builder

Name of the Vulnerable Software and Affected Versions: Form Builder CP plugin for WordPress versions up to and including 1.2.41 Description: The issue is related to SQL Injection via the id parameter of the "CP EASY FORM WILL APPEAR HERE" shortcode. This is due to insufficient escaping on the...

PT-2025-2226 · WordPress · Bmlt Meeting Map

Name of the Vulnerable Software and Affected Versions: BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.0 Description: The issue allows authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server via the bmlt meeti...

PT-2025-2122 · WordPress · Mdtf

Name of the Vulnerable Software and Affected Versions: MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mdf results by ajax' shortcode due to insufficient input...

CVE-2025-23449

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through = 1.3.2...

CVE-2025-23449 WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Simple shortcode buttons allows Reflected XSS. This issue affects Simple shortcode buttons: from n/a through 1.3.2...

CVE-2025-23449

CVE-2025-23449 is a reflected XSS in the NotFound Simple shortcode buttons of the WordPress Simple Shortcode Buttons plugin, affecting versions n/a–1.3.2. Root cause: improper input neutralization during web page generation. CVSS v3.1 base score 7.1 (HIGH). No explicit public exploit status or re...

CVE-2024-13499

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...

CVE-2024-13495

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...

CVE-2024-13499

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...

CVE-2024-13495

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...

CVE-2024-13499 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...