WordPress plugin GMap Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Mindmeister Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin PDF.js Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress plugin Enhanced YouTube Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Sidebar-Content from Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress plugin Easy Shortcode Buttons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-5123 · WordPress · Easy Shortcode Buttons

Name of the Vulnerable Software and Affected Versions: Easy Shortcode Buttons versions n/a through 1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This means that an attacker can inject malicio...

PT-2025-1617 · WordPress · The Motors – Car Dealer

Name of the Vulnerable Software and Affected Versions: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress versions 1.4.43 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software...

PT-2025-2146 · WordPress · Wp Responsive Tabs

Name of the Vulnerable Software and Affected Versions: WP Responsive Tabs plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode due to insufficient input sanitization and output escaping on...

WordPress plugin Shortcode in Comment 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerabilit...

PT-2025-4995 · Unknown · Pflonk Sidebar-Content From Shortcode

Name of the Vulnerable Software and Affected Versions: pflonk Sidebar-Content from Shortcode versions prior to 2.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This problem enabl...

PT-2025-4977 · Unknown · Andrea Brandi Twitter Shortcode

Name of the Vulnerable Software and Affected Versions: Andrea Brandi Twitter Shortcode versions 0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions o...

PT-2025-5223 · Unknown · Enhanced Youtube Shortcode

Name of the Vulnerable Software and Affected Versions: Enhanced YouTube Shortcode versions prior to 2.0.1 le Pixel Solitaire Enhanced YouTube Shortcode versions prior to 2.0.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-si...

WordPress plugin Horizontal Line Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Twitter Shortcode 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2025-22743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode twitter-bootstrap-collapse-aka-accordian-shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian...

WordPress Motors plugin <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via Custom Title vulnerability discovered by WordFence in WordPress Plugin Motors versions = 1.4.43...

WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Contact Form With Shortcode versions = 4.2.5...

CVE-2024-12593 PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode

The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdfdotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-12593

CVE-2024-12593 affects the WordPress plugin PDF for WPForms + Drag and Drop Template Builder. It is a Stored Cross-Site Scripting vulnerability in the yeepdf_dotab shortcode caused by insufficient input sanitization and output escaping on user-provided attributes. Impact: authenticated attackers ...