WordPress PDF for WPForms plugin <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via yeepdfdotab Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin PDF for WPForms versions = 4.6.0...

WordPress Twitter Bootstrap Collapse aka Accordian Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Twitter Bootstrap Collapse aka Accordian Shortcode versions = 1.0...

CVE-2024-13323

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Silverstripe Asset Admin Module 跨站脚本漏洞

Silverstripe Asset Admin Module is an open source asset management module from Silverstripe. A cross-site scripting vulnerability exists in Silverstripe Asset Admin Module, which stems from the fact that HTML is not sanitized until the shortcode is replaced, allowing execution of script loads in...

PT-2025-2109 · WordPress · Wp Booking Calendar

Name of the Vulnerable Software and Affected Versions: WP Booking Calendar versions up to and including 10.9.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'booking' shortcode due to insufficient input sanitization and output escaping on user-supplied...

WordPress CF Internal Link Shortcode 1.1.0 SQL Injection

WordPress CF Internal Link Shortcode plugin versions 1.1.0 and below suffer from a remote SQL injection vulnerability. CVE-2024-12404 CF Internal Link Shortcode = 1.1.0 - Unauthenticated SQL Injection Description The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection v...

WordPress Booking Calendar plugin <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode vulnerability discovered by Asaf Mozes in WordPress Plugin Booking Calendar versions = 10.9.2...

CVE-2024-12404

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'posttitle' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'posttitle' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-12404 CF Internal Link Shortcode <= 1.1.0 - Unauthenticated SQL Injection

The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'posttitle' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-12404

CVE-2024-12404 : CF Internal Link Shortcode for WordPress is vulnerable to an unauthenticated SQL Injection via the post_title parameter in versions up to 1.1.0 due to insufficient escaping and poor query preparation. This could allow an attacker to append additional SQL commands to existing quer...

PT-2025-1753 · WordPress · The Unlimited Theme Addon For Elementor/Woocommerce

Name of the Vulnerable Software and Affected Versions: The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or...

PT-2025-1881 · WordPress · The Dominion – Domain Checker

Name of the Vulnerable Software and Affected Versions: The Dominion – Domain Checker for WPBakery plugin for WordPress versions up to, and including, 2.2.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...

WordPress plugin CF Internal Link Shortcode SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in WordPress plug...

PT-2025-1688 · WordPress · Wp Spid Italia

Name of the Vulnerable Software and Affected Versions: WP SPID Italia plugin for WordPress versions up to, and including, 2.9 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcode, allowing authenticated...

WordPress CF Internal Link Shortcode plugin <= 1.1.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Frissi0n in WordPress Plugin CF Internal Link Shortcode versions = 1.1.0...

PT-2025-1862 · WordPress · Ai Scribe

Name of the Vulnerable Software and Affected Versions: AI Scribe plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to SQL Injection via the template id parameter of the article builder generate data shortcode. This is due to insufficient escaping on the...

PT-2025-1866 · WordPress · Files Download Delay

Name of the Vulnerable Software and Affected Versions: Files Download Delay plugin for WordPress versions up to, and including, 1.0.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

PT-2025-1958 · WordPress · Searchie

Name of the Vulnerable Software and Affected Versions: Searchie plugin for WordPress versions up to, and including, 1.17.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sio embed media shortcode due to insufficient input sanitization and output escaping on...

PT-2025-1918 · WordPress · Yumpu E-Paper

Name of the Vulnerable Software and Affected Versions: Yumpu E-Paper publishing plugin for WordPress versions up to, and including, 3.0.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode due to insufficient input sanitization and output escaping ...