8967 matches found
CVE-2025-11987 Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-12369
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-11812
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
WordPress List category posts plugin information leakage vulnerability
WordPress List category posts plugin is a tool in WordPress for outputting specified category posts in a customized order. WordPress List category posts plugin suffers from an information disclosure vulnerability that stems from an insufficient catlist shortcode restriction, which can be exploite...
CVE-2025-12369
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-11812
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
WordPress TablePress plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Rafshanzani Suhada in WordPress Plugin TablePress versions = 3.2.4...
CVE-2025-11812 Reuse Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...
CVE-2025-11812
CVE-2025-11812 : Reuse Builder (WordPress)
CVE-2025-11704 Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-11704 Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-12369 Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2025-12324
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-12324
CVE-2025-12324 affects the WordPress plugin TablePress (versions up to 3.2.3). The vulnerability is a Stored Cross-Site Scripting via table shortcode attributes caused by insufficient input sanitization and output escaping. Exploitation requires at least contributor-level access; an attacker can ...
CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
PT-2025-44948
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the geojsonmarker shortcode in all versions up to, and including, 4.7. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...