EUVD-2026-32055

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

CVE-2026-8837 WP Iframe Geo Style for Amazon affiliates <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'adid' Shortcode Attribute

The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-8698 Cryptocurrency Prijsvergelijking Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute

The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0. This is due to insufficient output escaping in the asgetcoinshortcode function, which renders the 'width' and 'height' shortcode attribute directly into the style attribut...

CVE-2026-8877

The CVE-2026-8877 entry concerns the WordPress plugin Responsive Video Embedder (

CVE-2026-8877 Responsive Video Embedder <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

EUVD-2026-32053

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

CVE-2026-8877 Responsive Video Embedder <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remvideo' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the...

PT-2026-43517

The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. This is due to insufficient input sanitization and output escaping on the user supplied 'title' attribute in the mfd shortcode...

PT-2026-43520

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode args to ht...

PT-2026-43524

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2026-43519

The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic link' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', a...

PT-2026-43514

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes userid, albumid, authkey, imgmax,...

WordPress plugin Single Mailchimp 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress plugin Dideo 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The Dide...

WordPress plugin iWR Tooltip 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-43523

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem video' shortcode in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes notably 'id' and 'list' in the video...

WordPress plugin BitForm 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-43515

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as...

PT-2026-43540

Name of the Vulnerable Software and Affected Versions Query Shortcode versions prior to 0.2.2 Description The Query Shortcode plugin for WordPress contains a Local File Inclusion issue within the shortcode function. Authenticated attackers with contributor-level access or higher can exploit this ...

PT-2026-43510

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is due to insufficient input sanitization and output escaping on the 'url' and 'button' shortcode attributes in the rspc check shortcod...