189 matches found
EUVD-2023-50333
Malicious code in bioql PyPI...
EUVD-2024-49223
Malicious code in bioql PyPI...
EUVD-2022-51953
Malicious code in bioql PyPI...
EUVD-2024-16580
Malicious code in bioql PyPI...
EUVD-2023-27886
Malicious code in bioql PyPI...
EUVD-2023-58719
Malicious code in bioql PyPI...
CVE-2025-7369
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...
CVE-2025-7354
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-8015
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2025-7369
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...
CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-7354
CVE-2025-7354 affects WordPress sites running the WP Shortcodes Plugin — Shortcodes Ultimate. The vulnerability is a Stored Cross-Site Scripting (XSS) in all versions up to 7.4.2 caused by insufficient input sanitization and output escaping on user-supplied attributes within shortcodes. Exploitat...
CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2025-7648 Ruven Themes: Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruvenbutton' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-7648
CVE-2025-7648 affects Ruven Themes: Shortcodes for WordPress. The stored XSS exists in the ruven_button shortcode in versions up to 1.0 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access can inject script that executes for users loa...
WordPress plugin Ruven Themes: Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2025-29992 · WordPress · Shortcodes
Name of the Vulnerable Software and Affected Versions: Ruven Themes: Shortcodes plugin for WordPress versions prior to 1.0 Description: The plugin is susceptible to Stored Cross-Site Scripting through the ruven button shortcode due to inadequate input sanitization and output escaping of...
CVE-2025-5567
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
PT-2025-27840 · WordPress · Wp Shortcodes Plugin
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.4.0 Description: The issue is related to Stored Cross-Site Scripting via the data-url DOM element attribute due to insufficient input sanitizatio...
CVE-2024-9703
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...