Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/11/21 7:31 a.m.7 views

CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/21 7:31 a.m.2 views

CVE-2025-12660 Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS4.8AI score0.00194EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 7:31 a.m.21 views

CVE-2025-12660

CVE-2025-12660 – Padlet Shortcode (Wallwisher) Stored XSS (WordPress) Affected software: Padlet Shortcode plugin for WordPress (shortcode wallwisher, parameter key) up to version 1.3. Description and connected sources confirm a Stored Cross-Site Scripting flaw caused by insufficient input sanitiz...

6.4CVSS4.8AI score0.00194EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.9 views

PT-2025-47694

The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'key' parameter in the 'wallwisher' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.1AI score0.00194EPSS
Exploits0References4
Rows per page
Query Builder