8990 matches found
CVE-2024-13665
The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-11746
The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'productbrand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and outp...
CVE-2024-13701
The Liveticker by stklcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-6440 · WordPress · Admire Extra
Name of the Vulnerable Software and Affected Versions: Admire Extra plugin for WordPress versions up to, and including, 1.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'space' shortcode, allowing authenticated...
PT-2025-6454 · WordPress · The Global Gallery
Name of the Vulnerable Software and Affected Versions: The Global Gallery - WordPress Responsive Gallery plugin for WordPress versions up to, and including, 9.1.5 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before...
PT-2025-6433 · WordPress · Woocommerce Brands Plugin
Name of the Vulnerable Software and Affected Versions: Woocommerce Brands Plugin versions up to, and including, 1.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's product brand shortcode due to insufficient input sanitization and output escaping on user-suppli...
Avada Theme < 7.11.14 - Unauthenticated Arbitrary Shortcode Execution
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before...
WordPress Customer Email Verification for WooCommerce plugin <= 2.9.5 - Authentication Bypass via Shortcode vulnerability
Authentication Bypass via Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Email Verification for WooCommerce versions = 2.9.5...
WordPress Global Gallery - WordPress Responsive Gallery plugin <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
WordPress Global Gallery - WordPress Responsive Gallery plugin = 9.1.5 - Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Global Gallery versions = 9.1.5...
CVE-2024-13487
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2025-25081 WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1...
CVE-2025-25081 WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in DeannaS Embed RSS embed-rss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Embed RSS: from n/a through = 3.1...
CVE-2024-13841
The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This...
WordPress plugin Builder Shortcode Extras 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress Builder Shortcode Extras plugin <= 1.0.0 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Builder Shortcode Extras versions = 1.0.0...
CVE-2024-13487
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2024-13487 CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2024-13487
CVE-2024-13487 affects CURCY – Multi Currency for WooCommerce (
CVE-2024-13487 CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2025-23449
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through = 1.3.2...