CVE-2024-12238 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238

CVE-2024-12238 affects the WordPress plugin Ninja Forms – The Contact Form Builder That Grows With You. The vulnerability allows arbitrary shortcode execution in all versions up to and including 3.8.22 due to insufficient validation when do_shortcode is executed. This enables authenticated attack...

PT-2024-17504 · WordPress · Ninja Forms

Name of the Vulnerable Software and Affected Versions: The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.8.22 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an acti...

WordPress plugin Ninja Forms 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress WP-SVG plugin <= 0.9 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin WP-SVG versions = 0.9...

CVE-2024-11644

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-11644

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-11644

The CVE-2024-11644 entry concerns the WP-SVG WordPress plugin (versions

CVE-2024-11644 WP-SVG <= 0.9 - Contributor+ Stored XSS via Shortcode

The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2024-17152 · WordPress · Wp-Svg

Name of the Vulnerable Software and Affected Versions: WP-SVG WordPress plugin versions 0.9 and prior Description: The issue concerns the WP-SVG WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is...

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

PT-2024-17549 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to, and including, 3.11.12 Description: The issue allows authenticated attackers with contributor-level access and above to extract data from password protected, private, or draft posts th...

WordPress plugin Avada Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress plugin Loan Comparison 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2024-17214 · WordPress · Bookingpress

Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.21 Description: The issue is related to SQL Injection via the category parameter of the 'bookingpress form' shortcode. This is due to insufficient escaping on the...

PT-2024-17677 · WordPress · Wordpress Simple Shopping Cart

Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to and including 5.0.7 Description: The issue is related to stored Cross-Site Scripting XSS due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...

PT-2024-17637 · Teplitsa · Shmapper

Name of the Vulnerable Software and Affected Versions: ShMapper by Teplitsa plugin for WordPress versions up to, and including, 1.4.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode due to insufficient input sanitization and output escaping on...

CVE-2024-11977

The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-11977

CVE-2024-11977 concerns the kk Star Ratings – Rate Post & Collect User Feedbacks WordPress plugin. The WordPress plugin is vulnerable to arbitrary shortcode execution in all versions up to and including 5.4.10 due to unvalidated input passed to do_shortcode, enabling unauthenticated attackers to ...