CVE-2024-10959 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth

The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVE-2024-10959 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth

The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVE-2024-10959

CVE-2024-10959 details (Wordfence/Red Hat source): Affected software is the WordPress plugin Active Products Tables for WooCommerce. Use constructor to create tables . The vulnerability is an unauthenticated arbitrary shortcode execution via the woot_get_smth AJAX action, caused by executing do_s...

WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth vulnerability

Unauthenticated Arbitrary Shortcode Execution via wootgetsmth vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.6.5...

CVE-2024-54255

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing.This issue affects Login Widget With Shortcode: from n/a through = 6.1.2...

CVE-2024-54255

CVE-2024-54255 — Open Redirect in WordPress Login Widget With Shortcode (Login Widget With Shortcode plugin)

PT-2024-36135 · Unknown · Login Widget With Shortcode

Name of the Vulnerable Software and Affected Versions: Login Widget With Shortcode versions n/a through 6.1.2 Description: The issue is an Open Redirect vulnerability that allows phishing attacks. This vulnerability exists in the Login Widget With Shortcode and can be exploited to redirect users ...

WordPress plugin Login Widget With Shortcode 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

CVE-2024-11380

The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2024-16947 · WordPress · Mini Program Api

Name of the Vulnerable Software and Affected Versions: Mini Program API plugin for WordPress versions up to, and including, 1.4.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode due to insufficient input sanitization and output escaping on...

PT-2024-17003 · WordPress · Zooom

Name of the Vulnerable Software and Affected Versions: Zooom plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode due to insufficient input sanitization and output escaping on user-supplied...

PT-2024-17337 · WordPress · 코드엠샵 소셜톡

Name of the Vulnerable Software and Affected Versions: 코드엠샵 소셜톡 plugin for WordPress version 1.2.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'msntt add plus talk' shortcode due to insufficient input sanitization and output escaping on...

WordPress ARMember plugin <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin ARMember versions = 4.0.51...

CVE-2024-10909

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10681

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVE-2024-10681

CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...

CVE-2024-10909

The Pojo Forms WordPress plugin (pojo-forms) contains a vulnerability affecting versions up to 1.4.7 where an authenticated user with Subscriber+ can trigger arbitrary shortcode execution via the form_preview_shortcode AJAX action. The issue stems from insufficient validation before running do_sh...

CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...