PatchSiren

fides-it CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM fides-it CVE published 2026-05-27

CVE-2026-8872

A stored cross-site scripting (XSS) vulnerability exists in the Animate Your Content WordPress plugin (versions ≤ 1.0.0). The flaw resides in the `shortcode_args_to_html_attrs()` function, which fails to sanitize or escape user-supplied shortcode attributes before concatenating them into double-quoted HTML attributes. This allows authenticated attackers with contributor-level privileges or higher to injec [truncated]

MEDIUM fides-it CVE published 2026-05-27

CVE-2026-8867

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the `postcategorygallery` shortcode in versions up to and including 1.0.0. The vulnerability exists in the `sc_horcatbar()` function, where user-supplied shortcode attributes—including `total_width`, `color_scheme`, and `caption_font_size`—are concatenated directly into HTML attribute values without sufficient in [truncated]