27 matches found
CVE-2026-8885
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
EUVD-2026-33893
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
CVE-2026-8885
The CVE-2026-8885 entry concerns the WordPress plugin DeMomentSomTres Shortcodes (versions
CVE-2026-8885 DeMomentSomTres Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...
WordPress DeMomentSomTres Shortcodes plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin DeMomentSomTres Shortcodes versions = 1.1.1...
CVE-2023-5905
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...
CVE-2023-5905 DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as...
CVE-2023-5905
The CVE-2023-5905 issue affects the DeMomentSomTres WordPress Export Posts With Images plugin (up to 20220825). The vulnerability stems from missing authorization checks when exporting blog data, allowing any logged-in user (e.g., subscribers) to export contents of the blog, including restricted ...
PT-2024-14841 · WordPress · Demomentsomtres Wordpress Export Posts With Images
Name of the Vulnerable Software and Affected Versions: DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 Description: The issue allows any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as wel...
WordPress Plugin DeMomentSomTres WordPress Export Posts With Images Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin DeMomentSomTres WordPress...
WordPress DeMomentSomTres WordPress Export Posts With Images Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres WordPress Export Posts With Images Type Plugin Vulnerable versions = 2.5 Fixed in 20200610 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 568a0722ed5e Credits...
WordPress DeMomentSomTres Subscribe Plugin <= 3.201706150908 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Subscribe Type Plugin Vulnerable versions = 3.201706150908 Fixed in 3.201903272301 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c4ea936848b0 Credits Rafie...
WordPress DeMomentSomTres Gravity Forms Improvements Plugin <= 20170425 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Gravity Forms Improvements Type Plugin Vulnerable versions = 20170425 Fixed in 201805021810 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 477dcd7d6435 Credits...
WordPress DeMomentSomTres Immediate Send Plugin <= 3.201704251244 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Immediate Send Type Plugin Vulnerable versions = 3.201704251244 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 395b22880d0c Credits Rafie Muhammad...
WordPress DeMomentSomTres Address Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Address Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f5877fb71667 Credits Rafie Muhammad Patchstack...
WordPress DeMomentSomTres Media Tools Auto Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Media Tools Auto Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e64488cbd744 Credits Rafie Muhammad...
WordPress DeMomentSomTres Grid Archive Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software DeMomentSomTres Grid Archive Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID be92652d0948 Credits Rafie Muhammad Patchsta...
WordPress DeMomentSomTres Classify on Publish plugin <= 201703020805 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DeMomentSomTres Classify on Publish plugin versions = 201703020805. Solution No patched version available...
WordPress DeMomentSomTres Grid Archive plugin <= 2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DeMomentSomTres Grid Archive plugin versions = 2.1. Solution No patched version available...
WordPress DeMomentSomTres Address plugin <= 2.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress DeMomentSomTres Address plugin versions = 2.1. Solution No patched version available...