Lucene search

103 matches found

CVE
added 2024/01/11 3:31 a.m., 50 views

CVE-2023-5448

CVE-2023-5448 affects the WordPress plugin WP Register Profile With Shortcode. The issue is a Cross-Site Request Forgery due to missing/incorrect nonce validation in update_password_validate, enabling unauthenticated attackers to reset a user’s password through a forged request if a user is entic...

CVSS 8.8, AI score 8.4, EPSS 0.00324
Exploits 0, References 3, Affected Software 1
CNNVD
added 2023/12/21 12:0 a.m., 3 views

WordPress plugin iframe Shortcode Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.5, AI score 6.1, EPSS 0.00321
Exploits 0, References 2
CNNVD
added 2023/11/12 12:0 a.m., 3 views

WordPress Plugin WP Shortcode by MyThemeShop Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.8, AI score 6.5, EPSS 0.00309
Exploits 0, References 2
Vulnrichment
added 2023/10/16 11:31 p.m., 7 views

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVSS 4.3, AI score 7.5, EPSS 0.00578
Exploits 0, References 3
Cvelist
added 2023/10/16 11:31 p.m., 24 views

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVSS 4.3, AI score 7.5, EPSS 0.00578
Exploits 0, References 3
Prion
added 2023/09/01 12:15 p.m., 16 views

Cross site scripting

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions...

CVSS 4.9, AI score 5.2, EPSS 0.0031
Exploits 0, References 1, Affected Software 1
NVD
added 2023/08/30 4:15 p.m., 11 views

CVE-2023-35094

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions...

CVSS 6.5, AI score 5.8, EPSS 0.00433
Exploits 1, References 1
CVE
added 2023/08/30 3:14 p.m., 49 views

CVE-2023-35094

CVE-2023-35094 affects the WordPress plugin MPEmbed WP Matterport Shortcode. The connected Patchstack entry confirms a stored Cross-Site Scripting (XSS) vulnerability in versions

CVSS 6.5, AI score 5.4, EPSS 0.00433
Exploits 1, References 1, Affected Software 1
Metasploit
added 2023/07/25 7:50 p.m., 867 views

Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The WordPress plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an...

CVSS 9.8, AI score 9.2, EPSS 0.3962
Exploits 8
OSV
added 2023/06/26 11:15 a.m., 5 views

CVE-2023-29436

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

CVSS 5.4, AI score 7.3, EPSS 0.00361
Exploits 0, References 1
CVE
added 2023/06/26 10:46 a.m., 48 views

CVE-2023-29436

CVE-2023-29436 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Flyn San IFrame Shortcode” (Flynsarmy iframe shortcodes) affecting versions ≤ 1.0.5. The issue requires authenticated access (Contributor+), and exploitation occurs via the plugin’s shortcode handling, enablin...

CVSS 6.5, AI score 5.4, EPSS 0.00361
Exploits 0, References 1, Affected Software 1
OSV
added 2023/05/08 2:15 p.m., 2 views

CVE-2023-0526

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 7.3, EPSS 0.00448
Exploits 2, References 1
CNNVD
added 2023/03/27 12:0 a.m., 23 views

WordPress plugin menu shortcode Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4, AI score 6.5, EPSS 0.00462
Exploits 2, References 2
OSV
added 2023/02/27 4:15 p.m., 4 views

CVE-2022-4679

The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 5.8, EPSS 0.00528
Exploits 1, References 1
Patchstack
added 2023/02/17 12:0 a.m., 13 views

WordPress Google Maps v3 Shortcode Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: Google Maps v3 Shortcode; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23827; Patch priority: Low; CVSS severity: Low (6.5); PSID: 6111df9930d9; Credits: István Márton...

CVSS 6.5, AI score 5.8, EPSS 0.0037
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/01/30 8:31 p.m., 28 views

CVE-2022-4793 Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

AI score 5.5, EPSS 0.00627
Exploits 2, References 1
CNNVD
added 2022/08/19 12:0 a.m., 4 views

WordPress Plugin shortcode-imdb SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

CVSS 9.8, AI score 8.5, EPSS 0.00695
Exploits 0, References 2
OpenVAS
added 2014/09/08 12:0 a.m., 20 views

WordPress ShortCode Plugin Directory Traversal Vulnerability

WordPress ShortCode Plugin is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5, AI score 6.4, EPSS 0.13543
Exploits 5, References 4
seebug.org
added 2014/09/04 12:0 a.m., 22 views

WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability

No description provided by source.

#!/usr/bin/env python
# -*- coding:utf-8 -*-
from pocsuite.net import req
from pocsuite.poc import Output, POCBase
from pocsuite.utils import register

class TestPOC(POCBase):
    vulID = '87214'
    version = '1'
    vulDate = '1409760000'
    createDate = '1442937600'
    references =...

AI score 7.1
Exploits 0
Prion
added 2014/09/03 7:55 p.m., 27 views

Directory traversal

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

CVSS 5, AI score 7.1, EPSS 0.13543
Exploits 5, References 6, Affected Software 1