8967 matches found
PT-2025-46296
Name of the Vulnerable Software and Affected Versions Geopost plugin for WordPress versions prior to 1.3 Description The Geopost plugin for WordPress is susceptible to Stored Cross-Site Scripting through the height parameter of the 'geopost' shortcode. This is caused by inadequate input...
WordPress Jeba Cute forkit plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Jeba Cute forkit versions = 1.0...
EUVD-2025-38373
The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphaliliqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12643
CVE-2025-12643 – Saphali LiqPay for donate (WordPress) Stored XSS The WordPress plugin Saphali LiqPay for donate (plugin slug: saphali-liqpay-for-donate) is affected by a stored cross-site scripting vulnerability in the shortcode attribute saphali_liqpay. All versions up to and including 1.0.2 ar...
CVE-2025-12643 Saphali LiqPay for donate <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphaliliqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11268
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11987
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11268
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
CVE-2025-11268 Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
EUVD-2025-37981
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
CVE-2025-11268
The CVE-2025-11268 entry for Strong Testimonials (WordPress) is confirmed by Wordfence as a vulnerability in all versions up to 3.2.16, enabling unauthenticated attackers to trigger arbitrary shortcodes when an administrator previews or publishes a crafted testimonial. The issue is caused by insu...
CVE-2025-11268 Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...
PT-2025-45181
Name of the Vulnerable Software and Affected Versions Strong Testimonials plugin for WordPress versions prior to 3.2.17 Description The Strong Testimonials plugin for WordPress is susceptible to arbitrary shortcode execution. The software does not properly validate or sanitize user-submitted...
CVE-2025-11745
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745 Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field through the plugin's 'adinserter' shortcode in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-11745
CVE-2025-11745 affects the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads (versions up to and including 2.8.7). The vulnerability is a Stored Cross‑Site Scripting flaw in which user‑supplied attributes in the adinserter shortcode are insufficiently sanitized/escaped, allowing authenticat...
CVE-2025-11987
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11987
CVE-2025-11987 — Visual Link Preview (WordPress) is a stored cross-site scripting vulnerability in the Visual Link Preview plugin for WordPress, exploitable via the plugin’s visual-link-preview shortcode. Affected versions are up to and including 2.2.7, where insufficient input sanitization and o...