CVE-2025-23569 WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through = 1.1.1...

CVE-2025-23569 WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Kelvin Ng Shortcode in Comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through 1.1.1...

CVE-2025-23569

CVE-2025-23569 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin “Shortcode in Comment” by Kelvin Ng, which allows Stored XSS. The vulnerability affects the Shortcode in Comment plugin version range up to 1.1.1 (inclusive). The hosted CVE details also cite a CVSS...

WordPress Enhanced YouTube Shortcode plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Enhanced YouTube Shortcode versions = 2.0.1...

WordPress PDF.js Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin PDF.js Shortcode versions = 1.0...

WordPress Mindmeister Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Mindmeister Shortcode versions = 1.0...

WordPress GMap Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin GMap Shortcode versions = 2.0...

WordPress Easy Shortcode Buttons plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Easy Shortcode Buttons versions = 1.2...

WordPress Horizontal Line Shortcode Plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Horizontal Line Shortcode versions = 1.0...

WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Sidebar-Content from Shortcode versions = 2.0...

WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability

CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Twitter Shortcode versions = 0.9...

WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Shortcode in Comment versions = 1.1.1...

WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Simple shortcode buttons versions = 1.3.2...

CVE-2024-10970

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-10970 Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-10970 Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-10970

CVE-2024-10970 (The Motors – Car Dealer, Classifieds & Listing plugin for WordPress) is exposed in all versions up to 1.4.43. The root cause is that the plugin allows a value to be passed into do_shortcode without proper validation, enabling an authenticated attacker (Subscriber+ level) to execut...

PT-2025-4977 · Unknown · Andrea Brandi Twitter Shortcode

Name of the Vulnerable Software and Affected Versions: Andrea Brandi Twitter Shortcode versions 0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions o...

WordPress plugin GMap Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Mindmeister Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...