CVE-2025-22276

CVE-2025-22276 is a stored XSS vulnerability in the WordPress Related Post Shortcode plugin. Affected: Related Post Shortcode (versions up to 1.2, n/a through 1.2). Root cause: improper neutralization of input during web page generation. Impact: stored cross-site scripting vulnerability with low–...

WordPress plugin Weaver Themes Shortcode Compatibility 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

PT-2025-2191 · WordPress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue is related to arbitrary shortcode execution via the gamipress do shortcode function. This ...

CVE-2024-9020

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-9020

The CVE-2024-9020 entry affects the WordPress plugin List category posts, specifically versions prior to 0.90.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation/escaping of shortcode attributes, which can allow users with Contributor+ privileges to ...

WordPress plugin JSM Screenshot Machine Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-2149 · WordPress · The Rate Star Review Vote – Ajax Reviews

Name of the Vulnerable Software and Affected Versions: The Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper reviews' shortcode due to...

PT-2025-2171 · WordPress · Utilities For Mtg

Name of the Vulnerable Software and Affected Versions: Utilities for MTG plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode due to insufficient input sanitization and output escaping on...

PT-2025-2148 · WordPress · Micropayments – Fans Paysite

Name of the Vulnerable Software and Affected Versions: MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress versions up to, and including, 2.9.29 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper...

PT-2025-2150 · WordPress · Video Share Vod – Turnkey Video Site Builder Script

Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions up to, and including, 2.6.31 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper videos' shortcode due to insufficie...

WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin Weaver Themes Shortcode Compatibility versions = 1.0.4...

WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Pham Ngoc Duy Patchstack Alliance in WordPress Plugin Related Post Shortcode versions = 1.2...

PT-2025-3706 · WordPress · List Category Posts

Name of the Vulnerable Software and Affected Versions: List category posts WordPress plugin versions prior to 0.90.3 Description: The issue concerns the List category posts WordPress plugin, where versions prior to 0.90.3 do not validate and escape some of its shortcode attributes before outputti...

WordPress JSM Screenshot Machine Shortcode plugin <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin JSM Screenshot Machine Shortcode versions = 2.3.0...

PT-2025-2154 · WordPress · Checkout For Paypal

Name of the Vulnerable Software and Affected Versions: Checkout for PayPal plugin for WordPress versions up to, and including, 1.0.32 Description: The issue is related to Stored Cross-Site Scripting via the plugin's checkout for paypal shortcode due to insufficient input sanitization and output...

PT-2025-2157 · WordPress · Payment Button For Paypal

Name of the Vulnerable Software and Affected Versions: Payment Button for PayPal plugin for WordPress versions up to, and including, 1.2.3.35 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wp paypal checkout shortcode. Thi...

CVE-2025-23946

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Le-Pixel-Solitaire Enhanced YouTube Shortcode enhanced-youtube-shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through = 2.0.1...

CVE-2025-23943

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aruvi PDF.js Shortcode pdfjs-shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through = 1.0...