4 matches found
CVE-2025-15491 Post Slides <= 1.0.1 - Contributor+ Local File Inclusion
The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function(s), allowing any authenticated user, such as those with the contributor role or higher, to perform LFI attacks...
CVE-2024-11108
The CVE-2024-11108 entry concerns Serious Slider WordPress Plugin (versions prior to 1.2.7). Red Hat and NVD entries confirm the issue: the plugin fails to validate and escape certain shortcode attributes before echoing them in a page/post, allowing Stored XSS by users with the Contributor role o...
CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...