PT-2025-1918 · WordPress · Yumpu E-Paper

Name of the Vulnerable Software and Affected Versions: Yumpu E-Paper publishing plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode due to insufficient input sanitization and output escaping ...

PT-2025-1866 · WordPress · Files Download Delay

Name of the Vulnerable Software and Affected Versions: Files Download Delay plugin for WordPress versions up to, and including, 1.0.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

PT-2025-1958 · WordPress · Searchie

Name of the Vulnerable Software and Affected Versions: Searchie plugin for WordPress versions up to, and including, 1.17.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sio embed media shortcode due to insufficient input sanitization and output escaping on...

WordPress Auto iFrame plugin < 2.0 - Contributor+ XSS via Shortcode vulnerability

Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Auto iFrame versions 2.0...

CVE-2024-10151

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10151

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10151 Auto iFrame < 2.0 - Contributor+ XSS via Shortcode

The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10151

CVE-2024-10151 concerns the Auto iFrame WordPress plugin (before 2.0). It allows Stored XSS via unvalidated shortcode attributes output in posts when the shortcode is embedded. Affected users must have Contributor+ rights; impact is limited to stored XSS on pages using the shortcode. Connected Re...

CVE-2024-12030

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdfvalue' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

WordPress plugin Auto iFrame 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1578 · WordPress · Auto Iframe

Name of the Vulnerable Software and Affected Versions: Auto iFrame WordPress plugin versions prior to 2.0 Description: The issue concerns the Auto iFrame WordPress plugin, where versions prior to 2.0 do not validate and escape some of its shortcode attributes before outputting them back in a page...

CVE-2025-22558

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...

CVE-2025-22555 WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Noel Jarencio. Smoothness Slider Shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through v1.2.2...

CVE-2025-22555

CVE-2025-22555 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Smoothness Slider Shortcode, affecting versions up to v1.2.2. The description notes CSRF can lead to stored Cross-Site Scripting (XSS); CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, base score 7.1 (HIG...

CVE-2025-22558 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...

CVE-2025-22558

CVE-2025-22558 affects the WordPress plugin mcjh button shortcode . The vulnerability is described as an stored Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation, impacting the mcjh button shortcode from version n/a up to 1.6.4. The CVSS metrics in the ...

WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Smoothness Slider Shortcode versions = v1.2.2...

WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin mcjh button shortcode versions = 1.6.4...

CVE-2024-11826

The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including...

WordPress Tabs Shortcode plugin <= 2.0.2 - Contributor+ XSS via Shortcode vulnerability

Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Tabs Shortcode versions = 2.0.2...