WordPress plugin ER Swiffy Insert 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Switch CTA Box 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress plugin Posts map 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Gallagher Website Design 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-34300

Name of the Vulnerable Software and Affected Versions Breaking News WP versions prior to 1.4 Description The Breaking News WP plugin for WordPress contains a Local File Inclusion issue. The 'brnwp ajax form' AJAX endpoint lacks authorization checks and CSRF verification. Additionally, there is...

PT-2026-34290

Name of the Vulnerable Software and Affected Versions Table Manager versions prior to 1.0.1 Description The Table Manager plugin for WordPress allows authenticated attackers with Contributor-level access and above to extract sensitive data from arbitrary WordPress database tables. The issue occur...

PT-2026-34308

Name of the Vulnerable Software and Affected Versions Simple Random Posts Shortcode versions prior to 0.4 Description The Simple Random Posts Shortcode plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject...

PT-2026-34307

Name of the Vulnerable Software and Affected Versions Posts map plugin for WordPress versions prior to 0.1.4 Description Insufficient input sanitization and output escaping on user supplied attributes allow authenticated attackers with contributor-level access and above to inject arbitrary web...

PT-2026-34302

Name of the Vulnerable Software and Affected Versions Text Snippets versions prior to 0.0.2 Description The Text Snippets plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes within th...

PT-2026-34303

Name of the Vulnerable Software and Affected Versions SlideShowPro SC versions prior to 1.0.3 Description The SlideShowPro SC plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes withi...

PT-2026-34289

The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. Specifically, in the wpmk block...

PT-2026-34280

Name of the Vulnerable Software and Affected Versions ER Swiffy Insert versions prior to 1.0.1 Description The ER Swiffy Insert plugin for WordPress contains a Stored Cross-Site Scripting issue via the 'swiffy' shortcode. The problem arises from insufficient input sanitization and output escaping...

PT-2026-34283

Name of the Vulnerable Software and Affected Versions Twittee Text Tweet versions prior to 1.0.9 Description Insufficient input sanitization and output escaping in the ttt twittee tweeter function allow authenticated attackers with Contributor-level access and above to inject arbitrary web script...

PT-2026-34278

Name of the Vulnerable Software and Affected Versions Quran Live Multilanguage plugin for WordPress versions prior to 1.0.4 Description Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The quran live render...

CVE-2026-2505

The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'ztaxonomyimage' shortcode. This is due to the shortcode rendering path passing attacker-controlled class input into a fallback image builder that concatenates...

CVE-2026-0894

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contentblock shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created...

CVE-2026-1838

The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability

Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...

WordPress Pz-LinkCard plugin <= 2.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Pz-LinkCard versions = 2.5.8.1...

CVE-2026-0868 EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via calendly Shortcode

The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...