8990 matches found
CVE-2025-5534 ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-5534
CVE-2025-5534 affects the ESV Bible Shortcode for WordPress plugin. It permits Stored XSS via the esv shortcode in all versions up to and including 1.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication at contributor lev...
WordPress plugin ESV Bible Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...
PT-2025-24037 · WordPress · Esv Bible Shortcode
Name of the Vulnerable Software and Affected Versions: ESV Bible Shortcode plugin versions 1.0.2 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'esv' shortcode. This allows authenticated attackers with...
PT-2025-24042 · WordPress · Hide It
Name of the Vulnerable Software and Affected Versions: Hide It plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode due to insufficient input sanitization and output escaping on user-supplied...
WordPress ESV Bible Shortcode for WordPress plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin ESV Bible Shortcode for WordPress versions = 1.0.2...
CVE-2025-5539
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emdmbmeta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2025-4670
The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eddreceipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user...
CVE-2025-23791
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mikakaltoft Horizontal Line Shortcode horizontal-line-shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through = 1.0...
CVE-2025-24687
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Lars Wallenborn Show/Hide Shortcode showhide-shortcode allows Stored XSS.This issue affects Show/Hide Shortcode: from n/a through = 1.0.0...
CVE-2025-22743
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode twitter-bootstrap-collapse-aka-accordian-shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian...
CVE-2025-22276
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in enguerranws Related Post Shortcode related-post-shortcode allows Stored XSS.This issue affects Related Post Shortcode: from n/a through = 1.2...
CVE-2025-22267
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpweaver Weaver Themes Shortcode Compatibility weaver-themes-shortcode-compatibility allows Stored XSS.This issue affects Weaver Themes Shortcode Compatibility: from n/a through = 1.0.4...
CVE-2025-22558
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...
CVE-2024-52352
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in miloandrew Postcasa Shortcode postcasa allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through = 1.0...
CVE-2024-8254
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that do...
CVE-2024-3075
The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1219
The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2024-1357
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxtimeline shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes such as...
CVE-2024-2499
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...