| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-26887 | WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability | Eli | EZ SQL Reports Shortcode Widget and DB Backup | Medium | 6.5 | 2025-02-25 14:17:52 | Deep Dive |
| CVE-2025-24564 | WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | aviplugins.com | Contact Form With Shortcode | High | 7.1 | 2025-02-14 12:44:34 | Deep Dive |
| CVE-2024-13841 | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure | daveshine | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time | Medium | 4.3 | 2025-02-07 06:59:58 | Deep Dive |
| CVE-2025-24687 | WordPress Show/Hide Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | Lars Wallenborn | Show/Hide Shortcode | Medium | 6.5 | 2025-01-24 17:24:52 | Deep Dive |
| CVE-2025-24636 | WordPress MachForm Shortcode plugin <= 1.4.1 - CSRF to Stored XSS vulnerability | Rick Laymance | MachForm Shortcode | High | 7.1 | 2025-01-24 17:24:35 | Deep Dive |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13409 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2025-23449 | WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | davidpuc | Simple shortcode buttons | High | 7.1 | 2025-01-22 14:31:57 | Deep Dive |
| CVE-2025-22276 | WordPress Related Post Shortcode Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | enguerranws | Related Post Shortcode | Medium | 5.9 | 2025-01-21 17:21:51 | Deep Dive |
| CVE-2025-22267 | WordPress Weaver Themes Shortcode Compatibility Plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | wpweaver | Weaver Themes Shortcode Compatibility | Medium | 6.5 | 2025-01-21 17:21:51 | Deep Dive |
| CVE-2024-13385 | JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | jsmoriss | JSM Screenshot Machine Shortcode | Medium | 6.4 | 2025-01-18 07:05:10 | Deep Dive |
| CVE-2025-23943 | WordPress PDF.js Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | aruvi | PDF.js Shortcode | Medium | 6.5 | 2025-01-16 20:08:07 | Deep Dive |
| CVE-2025-23946 | WordPress Enhanced YouTube Shortcode plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability | Le-Pixel-Solitaire | Enhanced YouTube Shortcode | Medium | 6.5 | 2025-01-16 20:08:06 | Deep Dive |
| CVE-2025-23896 | WordPress Mindmeister Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | thom4 | Mindmeister Shortcode | Medium | 6.5 | 2025-01-16 20:07:40 | Deep Dive |
| CVE-2025-23893 | WordPress GMap Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | Manny Costales | GMap Shortcode | Medium | 6.5 | 2025-01-16 20:07:36 | Deep Dive |
| CVE-2025-23825 | WordPress Easy Shortcode Buttons plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | osuthorpe | Easy Shortcode Buttons | Medium | 6.5 | 2025-01-16 20:07:15 | Deep Dive |
| CVE-2025-23791 | WordPress Horizontal Line Shortcode Plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability | mikakaltoft | Horizontal Line Shortcode | Medium | 6.5 | 2025-01-16 20:07:01 | Deep Dive |
| CVE-2025-23642 | WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | pflonk | Sidebar-Content from Shortcode | Medium | 6.5 | 2025-01-16 20:06:29 | Deep Dive |
| CVE-2025-23618 | WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability | starise | Twitter Shortcode | High | 7.1 | 2025-01-16 20:06:24 | Deep Dive |
| CVE-2025-23569 | WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability | Kelvin Ng | Shortcode in Comment | High | 7.1 | 2025-01-16 20:06:20 | Deep Dive |