CVE-2024-11502
The CVE concerns the Planning Center Online Giving WordPress plugin (versions 1.0.0 and earlier). The vulnerability is due to unvalidated and unescaped shortcode attributes being echoed in pages/posts, enabling Stored XSS for users with the contributor role and above. Impact is described as store...
CVE-2024-11502 Planning Center Online Giving <= 1.0.0 - Contributor+ XSS via Shortcode
The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2024-10818 JSFiddle Shortcode < 1.1.3 - Contributor+ XSS via Shortcode
The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10818
CVE-2024-10818 affects the WordPress JSFiddle Shortcode plugin prior to version 1.1.3. The vulnerability arises because the plugin does not validate and escape some shortcode attributes before echoing them in pages/posts, enabling Stored XSS when a user with Contributor role or higher renders a s...
CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2024-13914
Summary: CVE-2024-13914 affects the WordPress plugins File Manager Advanced Shortcode (versions up to 2.5.4) and advanced-file-manager-pro-premium (2.5.6). It is a Local File Inclusion vulnerability exploitable via the file_manager_advanced shortcode, enabling authenticated administrators (and hi...
CVE-2025-4126
CVE-2025-4126 affects the WordPress EG-Series plugin (versions up to and including 2.1.1). Affected component is the shortcode_title handling in the [series] shortcode, where insufficient input sanitization and output escaping allows authenticated attackers (contributor level+) on sites with Clas...
WordPress plugin PVN Auth Popup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin JSFiddle Shortcode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin File Manager Advanced Shortcode path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
PT-2025-21494 · WordPress · Pvn Auth Popup
Name of the Vulnerable Software and Affected Versions: PVN Auth Popup WordPress plugin versions 1.0.0 and earlier Description: The issue concerns the PVN Auth Popup WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or...
WordPress plugin Twitter Bootstrap Collapse aka Accordian Shortcode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Twitter Bootstrap Collapse ak...
PT-2025-21410 · WordPress · Jsfiddle Shortcode
Name of the Vulnerable Software and Affected Versions: JSFiddle Shortcode plugin for WordPress versions prior to 1.1.3 Description: The issue concerns the JSFiddle Shortcode plugin for WordPress, where it fails to validate and escape some of its shortcode attributes before outputting them back in...
CVE-2025-3878
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's saverify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13793
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin SMS Alert Order Notifications cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...