8967 matches found
WordPress plugin Discussion Board - WordPress Forum Plugin Security Vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
EUVD-2025-35918
The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-35923
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...
CVE-2025-12096
The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11875 SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11875 SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The SpendeOnline.org plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spendeonline' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-11875
The CVE refers to the SpendeOnline.org WordPress plugin (affected: versions up to 3.0.1) with a Stored Cross‑Site Scripting vulnerability via the spendeonline shortcode due to insufficient input sanitization and output escaping of user attributes. This could allow authenticated attackers with con...
CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...
CVE-2025-8483 Discussion Board – WordPress Forum Plugin <= 2.5.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...
CVE-2025-8483
The CVE-2025-8483 entry concerns the Discussion Board – WordPress Forum Plugin for WordPress (versions up to 2.5.5). The root cause is improper validation before do_shortcode, allowing authenticated users with Subscriber+ privileges to trigger arbitrary shortcode execution. Severity in public rep...
CVE-2025-8413
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-10737
The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
EUVD-2025-35908
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-8413 Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode
The Listeo theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's soundcloud shortcode in version less than, or equal to, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-8413
Summary (CVE-2025-8413): Listeo (WordPress theme)
CVE-2025-11823
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...
CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...
WordPress Listeo plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via soundcloud Shortcode vulnerability discovered by Craig Webb in WordPress Theme Listeo versions = 2.0.8...
WordPress ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin ShopLentor versions = 3.2.4...