
8990 matches found

Positive Technologies
added 2025/02/28 12:0 a.m. · 7 views

PT-2025-9071 · WordPress · Ultra Addons Lite For Elementor

Name of the Vulnerable Software and Affected Versions: Ultra Addons Lite for Elementor plugin for WordPress versions up to, and including, 1.1.8
Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password-protected, private, or draft...

4.3 CVSS · 9.3 AI score · 0.00302 EPSS
Exploits 0 · References 7

Positive Technologies
added 2025/02/28 12:0 a.m. · 3 views

PT-2025-9079 · WordPress · Wow Entrance Effects

Name of the Vulnerable Software and Affected Versions: WOW Entrance Effects WEE! plugin for WordPress versions up to, and including, 0.1
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'wee' shortcode, allowing...

6.4 CVSS · 9.3 AI score · 0.0024 EPSS
Exploits 0 · References 8

Patchstack
added 2025/02/27 11:37 a.m. · 5 views

WordPress Traveler theme <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Theme Traveler versions <= 3.1.8...

8.8 CVSS · 7 AI score · 0.0068 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/02/27 6:15 a.m. · 3 views

CVE-2024-6261

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'FinalTilesGallery' shortcode in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

5.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 3

Patchstack
added 2025/02/26 10:26 p.m. · 5 views

WordPress ThemeMakers Stripe Checkout plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeMakers Stripe Checkout versions <= 1.0.1...

6.4 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/02/26 10:20 p.m. · 7 views

WordPress ThemeMakers PayPal Express Checkout plugin <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeMakers PayPal Express Checkout versions <= 1.1.9...

6.4 CVSS · 5.8 AI score · 0.00263 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/02/26 10:4 p.m. · 4 views

WordPress WooCommerce Cart Count Shortcode plugin < 1.1.0 - Contributor+ XSS vulnerability

Contributor+ XSS vulnerability discovered by Bob Matyas in WordPress Plugin WooCommerce Cart Count Shortcode versions < 1.1.0...

5.4 CVSS · 6.4 AI score · 0.00323 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2025/02/26 1:15 p.m. · 5 views

CVE-2024-10563

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

NVD
added 2025/02/26 1:15 p.m. · 7 views

CVE-2024-10563

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4 CVSS · 0.00323 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/26 6:26 a.m. · 8 views

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS · 5.5 AI score · 0.00263 EPSS
Exploits 1 · References 1

Vulnrichment
added 2025/02/26 6:0 a.m. · 6 views

CVE-2024-10563 WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4 AI score · 0.00323 EPSS
Exploits 1 · References 1

CVE
added 2025/02/26 6:0 a.m. · 54 views

CVE-2024-10563

The WooCommerce Cart Count Shortcode plugin for WordPress (versions

5.4 CVSS · 6 AI score · 0.00323 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/02/26 6:0 a.m. · 24 views

CVE-2024-10563 WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS

The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...

0.00323 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/02/26 12:0 a.m. · 4 views

PT-2025-8670 · WordPress · Woocommerce Cart Count Shortcode

Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode WordPress plugin versions prior to 1.1.0
Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...

5.4 CVSS · 8.3 AI score · 0.00323 EPSS
Exploits 1 · References 3

CNNVD
added 2025/02/25 12:0 a.m. · 2 views

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5 CVSS · 8.6 AI score · 0.00231 EPSS
Exploits 0 · References 3

Patchstack
added 2025/02/24 3:12 p.m. · 2 views

WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP-Asambleas versions <= 2.85.0...

4.8 CVSS · 7.1 AI score · 0.00244 EPSS
Exploits 0 · Affected Software 1

Vulnrichment
added 2025/02/24 2:48 p.m. · 9 views

CVE-2025-27294 WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through <= 2.85.0...

4.8 CVSS · 8.6 AI score · 0.00244 EPSS
Exploits 0 · References 1

Cvelist
added 2025/02/24 2:48 p.m. · 21 views

CVE-2025-27294 WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through <= 2.85.0...

4.8 CVSS · 0.00244 EPSS
Exploits 0 · References 1

Patchstack
added 2025/02/24 9:47 a.m. · 4 views

WordPress Ohio Theme Extra plugin <= 3.4.7 - Shortcode Injection vulnerability

Shortcode Injection vulnerability discovered by Kursat Cetin Patchstack in WordPress Plugin Ohio Extra versions <= 3.4.7...

6.5 CVSS · 7.3 AI score · 0.00237 EPSS
Exploits 0 · Affected Software 1

NVD
added 2025/02/24 6:15 a.m. · 11 views

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS · 0.00263 EPSS
Exploits 1 · References 1