121 matches found
PT-2024-17327 · WordPress · Spoki
Name of the Vulnerable Software and Affected Versions: Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14 Description: The issue is related to Stored Cross-Site Scripting via the plugin's spoki button shortcode due to insufficient input...
PT-2024-16921 · WordPress · Smart Popup Blaster
Name of the Vulnerable Software and Affected Versions: Smart PopUp Blaster plugin for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode due to insufficient input sanitization and output escaping ...
PT-2024-16995 · WordPress · Grey Owl Lightbox
Name of the Vulnerable Software and Affected Versions: The Grey Owl Lightbox plugin for WordPress versions up to, and including, 1.6.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gol button' shortcode due to insufficient input sanitization and output escapin...
PT-2024-16063 · WordPress · Steel
Name of the Vulnerable Software and Affected Versions: The Steel plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's btn shortcode due to insufficient input sanitization and output escaping on user-supplied...
CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode
The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-9703
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
PT-2024-39770 · WordPress · Arconix Shortcodes
Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.12 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input...
CVE-2024-5867
The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5869
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-5870
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5789
The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5869 Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5869
CVE-2024-5869 refers to the Neighborly WordPress theme (
CVE-2024-5867
CVE-2024-5867 describes a Stored Cross-Site Scripting in the Delicate theme for WordPress via the link parameter of the Button shortcode, affecting all versions up to and including 3.5.5. The issue requires Contributor-level access or higher to exploit and can cause script execution on page load....
CVE-2024-5789 Triton Lite <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress Neighborly theme <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Neighborly versions = 1.4...
WordPress Tweaker5 theme <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Tweaker5 versions = 1.2...
WordPress Delicate theme <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Delicate versions = 3.5.5...
WordPress Triton Lite theme <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Triton Lite versions = 1.3...