MeldSecurity
Press Enter to search
CVE Database & Search β†’
Sign In Get Started

CVE-2025-6460

🟑 MEDIUM

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜message’ parameter in all versions up to, and including, 1.2 due to insufficient inp...

Published
Feb 18, 2026
Last Modified
Feb 18, 2026
Views
4
Bookmarks
0

Description

Request Expert Review

The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜message’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Scores

CVSS 3.1 6.4
6.4
MEDIUM
CVSS 2.0 6.4

References

plugins.trac.wordpress.org wordpress.org www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Received

Related CVEs

CVE-2026-2576

HIGH

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment...

Score: 7.5

CVE-2026-1931

HIGH

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.3...

Score: 7.2

CVE-2026-1925

MEDIUM

The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability...

Score: 4.3

CVE-2026-1714

HIGH

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abu...

Score: 8.6

CVE-2026-1296

MEDIUM

The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to in...

Score: 6.1

CVE-2026-1277

MEDIUM

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on th...

Score: 4.7

Share CVE-2025-6460

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-6460 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis