PT-2025-33460 · WordPress · Bizcalendar Web

Name of the Vulnerable Software and Affected Versions: BizCalendar Web plugin for WordPress versions prior to 1.1.0.51 Description: The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion via the bizcalv shortcode. Authenticated attackers with Contributor-level access and...

WordPress Inline Stock Quotes plugin cross-site scripting vulnerability

WordPress Inline Stock Quotes plugin is a WordPress plugin that allows users to dynamically insert stock quote information into a post or page via the stock shortcode, supporting real-time updates of stock quotes and dynamic data. WordPress Inline Stock Quotes plugin suffers from a cross-site...

PT-2025-33467 · WordPress · Inpersttion For Theme

Name of the Vulnerable Software and Affected Versions: Inpersttion For Theme plugin for WordPress versions prior to 1.0 Description: The Inpersttion For Theme plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 1.0 via the theme section shortcode function...

CVE-2025-54746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS.This issue affects Shortcode Redirect: from n/a through = 1.0.02...

CVE-2025-54746 WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS.This issue affects Shortcode Redirect: from n/a through = 1.0.02...

WordPress Shortcode Redirect Plugin <= 1.0.02 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Rooting in WordPress Plugin Shortcode Redirect versions = 1.0.02...

CVE-2025-49051

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS.This issue affects Hide Text Shortcode: from n/a through = 1.1...

CVE-2025-39483 WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through 3.9.9.1...

CVE-2025-39483 WordPress Eventer plugin < 3.9.9.1 - Content Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through 3.9.9.1...

CVE-2025-49051

CVE-2025-49051 (Hide Text Shortcode) affects the WordPress plugin Hide Text Shortcode, version ranges up to and including 1.1. The vulnerability is a stored XSS caused by improper input neutralization during web page generation. Public sources (NVD/Red Hat/patch coverage) corroborate a stored XSS...

CVE-2025-49051 WordPress Hide Text Shortcode plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS.This issue affects Hide Text Shortcode: from n/a through = 1.1...

CVE-2025-49051 WordPress Hide Text Shortcode plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in biscia7 Hide Text Shortcode allows Stored XSS. This issue affects Hide Text Shortcode: from n/a through 1.1...

CVE-2025-8685

The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2025-33182 · WordPress · Biscia7 Hide Text Shortcode

Name of the Vulnerable Software and Affected Versions: biscia7 Hide Text Shortcode versions through 1.1 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting XSS. Recommendations: Update biscia7 Hide Text Shortcode to a version later than...

WordPress plugin Shortcode Redirect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Hide Text Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-33393 · Unknown · Cartpauj Shortcode Redirect

Name of the Vulnerable Software and Affected Versions: cartpauj Shortcode Redirect versions n/a through 1.0.02 Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting XSS. This issue impacts the Shortcode Redirect component. Recommendations:...

WordPress Hide Text Shortcode plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 in WordPress Plugin Hide Text Shortcode versions = 1.1...

CVE-2025-8685

The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-8688

The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...