121 matches found
WordPress Theron Lite theme <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Theron Lite versions <= 2.0...
WordPress Silesia theme <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Silesia versions <= 1.0.6...
WordPress Mosaic theme <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Mosaic versions <= 1.7.1...
WordPress Grey Opaque theme <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Download-Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Grey Opaque versions <= 2.0.1...
CVE-2024-5966
The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5965
The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5965 Mosaic <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5447
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
WordPress tagDiv Composer plugin <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via button Shortcode vulnerability discovered by Truoc Phan in WordPress Plugin tagDiv Composer versions <= 4.8...
WordPress Themify Shortcodes plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via themify_button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Themify Shortcodes versions <= 2.0.9...
WordPress Button plugin <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode vulnerability
Authenticated Contributor+ PHP Object Injection in button_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Button versions <= 1.1.27...
PT-2024-18380 · WordPress · The Button
Name of the Vulnerable Software and Affected Versions: The Button plugin for WordPress versions up to, and including, 1.1.28 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the button shortcode function. This allows authenticated attackers with...
PT-2024-20471 · WordPress · Ux Flat
Name of the Vulnerable Software and Affected Versions: UX Flat plugin for WordPress versions up to, and including, 4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-20525 · WordPress · Standout Color Boxes/Buttons
Name of the Vulnerable Software and Affected Versions: The Standout Color Boxes and Buttons plugin for WordPress versions up to, and including, 0.7.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode due to insufficient input sanitization a...
PT-2024-19486 · WordPress · Oik
Name of the Vulnerable Software and Affected Versions: oik plugin for WordPress versions up to, and including, 4.10.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes, such as bw contact button and bw button shortcodes, due to insufficient input...
CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure
A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...
CVE-2012-10016
CVE-2012-10016 affects the Halulu simple-download-button-shortcode WordPress plugin (version 1.0). The vulnerability lies in an unknown function within the file simple-download-button_dl.php of the Download Handler, where manipulation of the file argument leads to information disclosure. The issu...
PT-2023-9953 · WordPress · Halulu Simple-Download-Button-Shortcode Plugin
Name of the Vulnerable Software and Affected Versions: Halulu simple-download-button-shortcode Plugin version 1.0 Description: A vulnerability has been found in the Halulu simple-download-button-shortcode Plugin on WordPress. The issue affects an unknown function of the file simple-download-butto...
Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...