8978 matches found

Vulnrichment
added 2024/12/12 3:23 a.m. | 9 views

CVE-2024-11442 Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 6.4 | AI score 5.8 | EPSS 0.00429
Exploits: 0 | References: 3

Patchstack
added 2024/12/12 12:48 a.m. | 3 views

WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability

Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions <= 1.3.5...

CVSS 7.3 | AI score 7.1 | EPSS 0.00575
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/12/12 12:36 a.m. | 2 views

WordPress Surbma | SalesAutopilot Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | SalesAutopilot Shortcode versions <= 2.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/12/12 12:0 a.m. | 1 views

WordPress plugin Grid Plus code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 7.3 | AI score 9.1 | EPSS 0.00575
Exploits: 0 | References: 3

Positive Technologies
added 2024/12/12 12:0 a.m. | 4 views

PT-2024-17415 · WordPress · Carousel Slider & Grid Ultimate

Name of the Vulnerable Software and Affected Versions: Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress versions up to, and including, 1.9.10 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary...

CVSS 8.8 | AI score 7.8 | EPSS 0.00794
Exploits: 0 | References: 8

Positive Technologies
added 2024/12/12 12:0 a.m. | 5 views

PT-2024-17319 · WordPress · Faq/Answers – Create Frequently Asked Questions Area

Name of the Vulnerable Software and Affected Versions: FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'faq' shortcode due to insufficie...

CVSS 6.4 | AI score 6.3 | EPSS 0.00282
Exploits: 0 | References: 6

Positive Technologies
added 2024/12/12 12:0 a.m. | 2 views

PT-2024-17212 · WordPress · Kvcore Idx Plugin

Name of the Vulnerable Software and Affected Versions: kvCORE IDX plugin for WordPress versions up to, and including, 2.3.35 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows unauthenticated...

CVSS 6.1 | AI score 6.8 | EPSS 0.00332
Exploits: 0 | References: 6

Positive Technologies
added 2024/12/12 12:0 a.m. | 4 views

PT-2024-17308 · WordPress · Social Media Shortcodes

Name of the Vulnerable Software and Affected Versions: Social Media Shortcodes plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode due to insufficient input sanitization and output escaping...

CVSS 6.4 | AI score 6.2 | EPSS 0.00345
Exploits: 0 | References: 7

Positive Technologies
added 2024/12/12 12:0 a.m. | 2 views

PT-2024-17311 · WordPress · Add Infos To The Events Calendar Plugin

Name of the Vulnerable Software and Affected Versions: Add infos to the events calendar plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode due to insufficient input sanitization and output...

CVSS 6.4 | AI score 6.1 | EPSS 0.00345
Exploits: 0 | References: 7

Positive Technologies
added 2024/12/12 12:0 a.m. | 2 views

PT-2024-17604 · WordPress · Wp-Revive Adserver

Name of the Vulnerable Software and Affected Versions: WP-Revive Adserver plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wprevive async shortcode due to insufficient input sanitization and output escaping...

CVSS 6.4 | AI score 6.1 | EPSS 0.00467
Exploits: 0 | References: 6

Positive Technologies
added 2024/12/12 12:0 a.m. | 4 views

PT-2024-17334 · WordPress · Powerbi Embed Reports

Name of the Vulnerable Software and Affected Versions: PowerBI Embed Reports plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'MO API POWER BI' shortcode due to insufficient input sanitization and output...

CVSS 6.4 | AI score 6 | EPSS 0.00467
Exploits: 0 | References: 5

Positive Technologies
added 2024/12/12 12:0 a.m. | 3 views

PT-2024-17238 · WordPress · Currency Converter Widget ⚡ Pro

Name of the Vulnerable Software and Affected Versions: Currency Converter Widget ⚡ PRO plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping on user-suppli...

CVSS 6.4 | AI score 6.8 | EPSS 0.0027
Exploits: 0 | References: 6

CNNVD
added 2024/12/12 12:0 a.m. | 2 views

WordPress plugin WoodMart code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 6.5 | AI score 9 | EPSS 0.0037
Exploits: 0 | References: 2

Positive Technologies
added 2024/12/12 12:0 a.m. | 3 views

PT-2024-17548 · WordPress · Woodmart

Name of the Vulnerable Software and Affected Versions: Woodmart theme for WordPress versions up to 8.0.3 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action without properly validating a value before...

CVSS 6.5 | AI score 8.2 | EPSS 0.0037
Exploits: 0 | References: 6

Positive Technologies
added 2024/12/12 12:0 a.m. | 7 views

PT-2024-16986 · WordPress · Sql Chart Builder

Name of the Vulnerable Software and Affected Versions: SQL Chart Builder plugin for WordPress versions up to, and including, 2.3.6 Description: The issue arises from insufficient escaping on the user-supplied arg1 parameter and lack of sufficient preparation on the existing SQL query in the gvn...

CVSS 6.5 | AI score 7.2 | EPSS 0.0052
Exploits: 0 | References: 5

Positive Technologies
added 2024/12/12 12:0 a.m. | 4 views

PT-2024-16996 · WordPress · Horizontal Scroll Image Slideshow

Name of the Vulnerable Software and Affected Versions: Horizontal scroll image slideshow plugin for WordPress versions up to and including 10.1 Description: The issue is related to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes i...

CVSS 6.4 | AI score 6.3 | EPSS 0.00429
Exploits: 0 | References: 6

Positive Technologies
added 2024/12/12 12:0 a.m. | 4 views

PT-2024-16637 · WordPress · The Grid Plus

Name of the Vulnerable Software and Affected Versions: The Grid Plus – Unlimited grid layout plugin for WordPress versions up to, and including, 1.3.5 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes via the "grid plus load by category" AJAX action. This is...

CVSS 7.3 | AI score 7.7 | EPSS 0.00575
Exploits: 0 | References: 8

Patchstack
added 2024/12/11 11:58 p.m. | 1 views

WordPress Arena.IM – Live Blogging for real-time events plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arena.IM – Live Blogging for real-time events versions <= 0.4.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.003
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2024/12/11 3:48 a.m. | 1 views

SUSE CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are usin...

CVSS 5.3 | AI score 6.6 | EPSS 0.00563
Exploits: 0 | References: 4

NVD
added 2024/12/10 11:15 a.m. | 10 views

CVE-2024-10959

The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVSS 7.3 | EPSS 0.00554
Exploits: 0 | References: 4