
10 matches found

Positive Technologies
added 2025/01/25 12:00 a.m. · 2 views

PT-2025-2214 · WordPress · Power Ups For Elementor

Name of the Vulnerable Software and Affected Versions: Power Ups for Elementor plugin for WordPress versions up to, and including, 1.2.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.2 · EPSS 0.00224
Exploits 0 · References 8

Positive Technologies
added 2024/12/13 12:00 a.m. · 3 views

PT-2024-17243 · WordPress · Newsmanapp

Name of the Vulnerable Software and Affected Versions: NewsmanApp plugin for WordPress versions up to, and including, 2.7.6
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'newsman subscribe widget' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.2 · EPSS 0.00233
Exploits 0 · References 9

Positive Technologies
added 2024/12/12 12:00 a.m. · 1 views

PT-2024-16986 · WordPress · Sql Chart Builder

Name of the Vulnerable Software and Affected Versions: SQL Chart Builder plugin for WordPress versions up to, and including, 2.3.6
Description: The issue arises from insufficient escaping on the user-supplied arg1 parameter and lack of sufficient preparation on the existing SQL query in the gvn...

CVSS 6.5 · AI score 7.2 · EPSS 0.00437
Exploits 0 · References 5

Positive Technologies
added 2024/11/10 12:00 a.m. · 3 views

PT-2024-35194 · Andrew Milo · Postcasa Shortcode

Name of the Vulnerable Software and Affected Versions: Postcasa Shortcode versions 1.0 and earlier
Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This is a DOM-Based XSS vulnerability in the Andrew Milo...

CVSS 6.5 · AI score 5.9 · EPSS 0.00143
Exploits 0 · References 6

Positive Technologies
added 2024/11/10 12:00 a.m. · 2 views

PT-2024-34719 · WordPress · Wpza Amp Img Shortcode

Name of the Vulnerable Software and Affected Versions: WPZA AMP Img Shortcode versions 1.0.0 through 1.0.1
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker...

CVSS 6.5 · AI score 6.6 · EPSS 0.00143
Exploits 0 · References 8

Positive Technologies
added 2024/06/20 12:00 a.m. · 3 views

PT-2024-36685 · WordPress · Media Library Assistant

Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to, and including, 3.16
Description: The issue allows authenticated attackers with contributor-level access and above to perform time-based SQL Injection via the order parameter within...

CVSS 8.8 · AI score 7.8 · EPSS 0.00702
Exploits 0 · References 8

Positive Technologies
added 2024/04/18 12:00 a.m. · 2 views

PT-2024-3144 · Tutor Lms · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tutor instructor list' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 5.5 · AI score 6 · EPSS 0.00272
Exploits 0 · References 10

Positive Technologies
added 2023/10/30 12:00 a.m. · 2 views

PT-2023-32070 · WordPress · Carousel

Name of the Vulnerable Software and Affected Versions: The Carousel, Recent Post Slider and Banner Slider plugin for WordPress versions up to, and including, 2.0
Description: The issue is related to Stored Cross-Site Scripting via the spice post slider shortcode due to insufficient input...

CVSS 6.4 · AI score 5.3 · EPSS 0.00082
Exploits 1 · References 8

Positive Technologies
added 2023/10/30 12:00 a.m. · 3 views

PT-2023-31906 · WordPress · Php To Page

Name of the Vulnerable Software and Affected Versions: PHP to Page plugin for WordPress versions up to, and including, 0.3
Description: The issue allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server via the...

CVSS 9.9 · AI score 9.4 · EPSS 0.04864
Exploits 1 · References 7

Positive Technologies
added 2023/10/20 12:00 a.m. · 1 views

PT-2023-32056 · WordPress · Form For All

Name of the Vulnerable Software and Affected Versions: Contact form Form For All plugin for WordPress versions up to, and including, 1.2
Description: The issue is related to Stored Cross-Site Scripting via the 'formforall' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 5.6 · EPSS 0.00127
Exploits 0 · References 6