CVE-2025-8413

Summary (CVE-2025-8413): Listeo (WordPress theme)

CVE-2025-11823

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...

CVE-2025-11823 ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonexisttext' parameter in the 'wishsuitebutton' shortcode in all versions up to, and including, 3.2.4 due to insufficient...

WordPress Listeo plugin <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via soundcloud Shortcode vulnerability discovered by Craig Webb in WordPress Theme Listeo versions = 2.0.8...

WordPress ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin ShopLentor versions = 3.2.4...

PT-2025-43721

Name of the Vulnerable Software and Affected Versions SpendeOnline.org plugin for WordPress versions up to and including 3.0.1 Description The SpendeOnline.org plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'spendeonline' shortcode. Insufficient input sanitization...

PT-2025-43713

Name of the Vulnerable Software and Affected Versions Listeo versions prior to 2.0.9 Description The Listeo theme for WordPress is susceptible to Stored Cross-Site Scripting through the soundcloud shortcode. Insufficient input sanitization and output escaping on user-supplied attributes allows...

PT-2025-43700

Name of the Vulnerable Software and Affected Versions ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress versions prior to 3.2.5 Description The ShopLentor plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue...

CVE-2025-12096

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12096 Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2025-35814

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-12096

CVE-2025-12096 affects the WordPress plugin Simple Excel Pricelist for WooCommerce (versions

CVE-2025-12096 Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-43602

Name of the Vulnerable Software and Affected Versions Simple Excel Pricelist for WooCommerce plugin for WordPress versions prior to 1.14 Description The Simple Excel Pricelist for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'pricelist' shortcode...

CVE-2025-49945

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kylegetson Shortcode Generator shortcode-generator allows Reflected XSS.This issue affects Shortcode Generator: from n/a through = 1.1...

CVE-2025-11819

The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

CVE-2025-10138

The This-or-That plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'thisorthat' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-11804

The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-11880

The SM CountDown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's smcountdown shortcode in versions less than, or equal to, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...