8983 matches found
CVE-2025-10192
CVE-2025-10192 – WP Photo Effects (WordPress) is an authenticated Stored XSS vulnerability in the wppe_effect shortcode affecting all versions up to 1.2.4. The issue arises from insufficient input sanitization and output escaping on user-supplied shortcode attributes, allowing an attacker with co...
EUVD-2025-32272
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-9876 Ird Slider <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-9876 Ird Slider <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2025-32277
The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irdslider' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-9876
CVE-2025-9876 affects the WordPress Ird Slider plugin (versions ≤ 1.0.2). It is a stored XSS due to insufficient input sanitization and output escaping on the irdslider shortcode attributes, exploitable by authenticated attackers with contributor-level access or higher. The impact is arbitrary sc...
EUVD-2025-32279
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
EUVD-2025-32278
The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketspot' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-9198 Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-9198
CVE-2025-9198 concerns the WordPress plugin “Wp cycle text announcement” (versions up to and including 8.1). The vulnerability is a SQL Injection via the cycle-text shortcode caused by insufficient escaping of user-supplied parameters and inadequate preparation of the existing SQL query. Exploita...
CVE-2025-9875 Event Tickets, RSVPs, Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketspot' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode
The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unifycheckout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9130 Unify <= 3.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via unify_checkout Shortcode
The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unifycheckout shortcode in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9130
CVE-2025-9130 refers to the WordPress Unify plugin vulnerable to Stored XSS via the unify_checkout shortcode in versions up to and including 3.4.7. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers with contribu...
PT-2025-40503
Name of the Vulnerable Software and Affected Versions Ird Slider versions prior to 1.0.3 Description The Ird Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s irdslider shortcode. Insufficient input sanitization and output escaping on user-supplied...
WordPress plugin Fintelligence Calculator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Fintelligence Calculator plugin, which stems from a lack of valid filtering and escaping of the...
PT-2025-40501
Name of the Vulnerable Software and Affected Versions Fintelligence Calculator plugin for WordPress versions up to and including 1.0.3 Description The Fintelligence Calculator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'fintelligence-calculator' shortcode. This...