8984 matches found
PT-2025-39931
Name of the Vulnerable Software and Affected Versions All Social Share Options plugin for WordPress versions prior to 1.1 Description The All Social Share Options plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s ‘sc’ shortcode. Insufficient input sanitizatio...
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10136
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Links shortcode versions = 1.8.3...
CVE-2025-8906
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Najib Sinjari in WordPress Plugin Everest Forms versions = 3.4.1...
CVE-2025-10136
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10180
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10136
CVE-2025-10136 concerns the WordPress plugin TweetThis Shortcode. The TweetThis Shortcode plugin is vulnerable to Stored Cross-Site Scripting via its tweetthis shortcode in all versions up to and including 1.8.0 due to insufficient input sanitization and output escaping on user-supplied attribute...
CVE-2025-10136 TweetThis Shortcode <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10180 Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10136 TweetThis Shortcode <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The TweetThis Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tweetthis' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-10180 Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-10180
CVE-2025-10180 affects the Markdown Shortcode WordPress plugin. Vulnerable component: the Markdown Shortcode (markdown-shortcode) in versions up to and including 0.2.1. Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the markdown shortcode, enabling ...
CVE-2025-8906
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress TweetThis Shortcode plugin <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin TweetThis Shortcode versions = 1.8.0...
WordPress Markdown Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Markdown Shortcode versions = 0.2.1...
PT-2025-39480
Name of the Vulnerable Software and Affected Versions Widgets for Tiktok Feed plugin for WordPress versions up to and including 1.7.3 Description The Widgets for Tiktok Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'trustindex-feed' shortcode. This is due to...