WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'marketplace' Shortcode vulnerability discovered by zakaria in WordPress Plugin Marketplace Items versions = 1.5.5...

EUVD-2024-50856

Malicious code in bioql PyPI...

CVE-2024-12437

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-12437

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-12437 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-12437 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-12437

The CVE-2024-12437 entry affects the Marketplace Items WordPress plugin and is a stored XSS via the plugin’s envato shortcode in versions ≤ 1.5.5, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabling inj...

CVE-2024-12439 Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode

The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Marketplace Items 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Marketplace Items 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2025-1849 · WordPress · Marketplace Items

Name of the Vulnerable Software and Affected Versions: Marketplace Items plugin for WordPress versions up to, and including, 1.5.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'marketplace' shortcode. This allow...

WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Marketplace Items versions = 1.5.5...

AN ATTACKER CAN CREATE A SHORT PUT OPTION ORDER ON AN NFT THAT DOES NOT SUPPORT ERC721 (LIKE CRYPTOPUNK), AND THE USER CAN FULFILL THE ORDER, BUT CANNOT EXERCISE THE OPTION

Lines of code Vulnerability details Impact Blur is kind of NFT marketplace where will somehow attracts high value NFT items like cryptopunk. Therefore assuming the platform will handle cryptopunk NFT is a common thing, and this raise an issue. An attacker can create a short put option on...