8 matches found
CVE-2024-3811
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9024
The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9024 Material Design Icons <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode
The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Material Design Icons plugin <= 0.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdi-icon Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mdi-icon Shortcode vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Material Design Icons versions <= 0.0.5...
PT-2024-27890 · WordPress · Salient Core
Name of the Vulnerable Software and Affected Versions: Salient Core plugin for WordPress versions up to, and including, 2.0.7. Description: The Salient Core plugin for WordPress is vulnerable to Local File Inclusion via the nectar_icon shortcode icon_linea attribute. This allows authenticated...
CVE-2023-5232
The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
PT-2023-31961 · WordPress · Font Awesome More Icons
Name of the Vulnerable Software and Affected Versions: Font Awesome More Icons plugin for WordPress versions up to, and including, 3.5. Description: The issue is related to Stored Cross-Site Scripting via the icon shortcode due to insufficient input sanitization and output escaping on user-supplie...
Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...