4 matches found
CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-12660
CVE-2025-12660 – Padlet Shortcode (Wallwisher) Stored XSS (WordPress) Affected software: Padlet Shortcode plugin for WordPress (shortcode wallwisher, parameter key) up to version 1.3. Description and connected sources confirm a Stored Cross-Site Scripting flaw caused by insufficient input sanitiz...
PT-2025-47694
The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...