| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6246 | Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute | mkerstner | Simple Random Posts Shortcode | Medium | 6.4 | 2026-04-22 07:45:39 | Deep Dive |
| CVE-2026-4005 | Coachific Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute | coachific | Coachific Shortcode | Medium | 6.4 | 2026-04-15 08:28:15 | Deep Dive |
| CVE-2026-1607 | Surbma | Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | surbma | Surbma | Booking.com Shortcode | Medium | 6.4 | 2026-04-14 03:37:33 | Deep Dive |
| CVE-2026-1575 | Schema Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | jeric_izon | Schema Shortcode | Medium | 6.4 | 2026-03-21 03:27:01 | Deep Dive |
| CVE-2026-1851 | iVysilani Shortcode <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'width' Shortcode Attribute | deckercz | iVysilani Shortcode | Medium | 6.4 | 2026-03-21 03:26:38 | Deep Dive |
| CVE-2026-31916 | WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability | Iulia Cazan | Latest Post Shortcode | 中危 | - | 2026-03-13 11:41:54 | Deep Dive |
| CVE-2025-6460 | Display During Conditional Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via message Parameter | gserafini | Display During Conditional Shortcode | Medium | 6.4 | 2026-02-18 04:35:44 | Deep Dive |
| CVE-2026-1922 | The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | brianhogg | The Events Calendar Shortcode & Block | Medium | 6.4 | 2026-02-10 09:26:06 | Deep Dive |
| CVE-2026-1570 | Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | dannycarlton | Simple Bible Verse via Shortcode | Medium | 6.4 | 2026-02-07 08:26:36 | Deep Dive |
| CVE-2026-24995 | WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability | Iulia Cazan | Latest Post Shortcode | - | - | 2026-02-03 14:08:37 | Deep Dive |
| CVE-2026-24988 | WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability | Brian Hogg | The Events Calendar Shortcode & Block | - | - | 2026-02-03 14:08:37 | Deep Dive |
| CVE-2025-62760 | WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | BuddyDev | BuddyPress Activity Shortcode | Medium | 6.5 | 2025-12-31 08:52:04 | Deep Dive |
| CVE-2025-68897 | WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability | Mohammad I. Okfie | IF AS Shortcode | Critical | 9.9 | 2025-12-29 15:55:14 | Deep Dive |
| CVE-2025-12696 | HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset | Unknown | HelloLeads CRM Form Shortcode | - | - | 2025-12-14 06:00:03 | Deep Dive |
| CVE-2025-14539 | Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter | rang501 | Shortcode Ajax | Medium | 5.4 | 2025-12-13 04:31:29 | Deep Dive |
| CVE-2025-13843 | VigLink SpotLight By ShortCode <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute | susantabeura | VigLink SpotLight By ShortCode | Medium | 6.4 | 2025-12-12 03:21:03 | Deep Dive |
| CVE-2025-13966 | Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute | sonlamtn200 | Paypal Payment Shortcode | Medium | 6.4 | 2025-12-12 03:20:54 | Deep Dive |
| CVE-2025-12717 | List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode | cgrymala | List Attachments Shortcode | Medium | 6.4 | 2025-12-06 05:49:32 | Deep Dive |
| CVE-2025-11808 | Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | antiochinteractive | Shortcode for Google Street View | Medium | 6.4 | 2025-11-21 08:28:14 | Deep Dive |
| CVE-2025-11803 | WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpfanyi | WPSite Shortcode | Medium | 6.4 | 2025-11-21 08:28:11 | Deep Dive |