8967 matches found
PT-2025-44915
Name of the Vulnerable Software and Affected Versions TablePress versions up to and including 3.2.3 Description The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the table shortcode attributes. Insufficient input sanitization and output escaping on...
PT-2025-44940
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reuse builder single post title' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible fo...
PT-2025-44935
Name of the Vulnerable Software and Affected Versions Elegance Menu versions prior to 2.0 Description The Elegance Menu plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 1.9. An authenticated attacker with Contributor-level access or higher can exploit th...
WordPress WPCOM Member plugin <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin WPCOM Member versions = 1.7.14...
CVE-2025-11502
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-6988
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-6988
CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions
EUVD-2025-37419
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
EUVD-2025-37418
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11502 Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2025-11377
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
EUVD-2025-37406
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11806
The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'quiz' attribute. This makes it possible for authenticated attackers...
CVE-2025-11920
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920
CVE-2025-11920 – Local File Inclusion in WPCOM Member plugin for WordPress (versions up to 1.7.14) via the shortcode action parameter. Authenticated attackers with Contributor+ access can include/execute server-side PHP files, enabling code execution in scenarios where PHP files can be uploaded a...
CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
CVE-2025-11920 WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary...
PT-2025-44697
Name of the Vulnerable Software and Affected Versions WPCOM Member versions prior to 1.7.15 Description The WPCOM Member plugin for WordPress is susceptible to Local File Inclusion. This issue affects versions up to and including 1.7.14 and is triggered through the action parameter within a...