CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002

CVE-2024-11002 — InPost Gallery (WordPress) The InPost Gallery plugin is vulnerable up to version 2.1.4.2 to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action. The issue arises from validating a value before executing do_shortcode, enabling authenticated user...

WordPress Paid Membership Subscriptions plugin <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Paid Member Subscriptions versions = 2.13.0...

WordPress WOOCS – WooCommerce Currency Switcher plugin <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin FOX versions = 1.4.2.2...

PT-2024-16820 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue is related to Reflected Cross-Site Scripting in multiple WordPress plugins due to insufficient input sanitization and output escaping in the cminds free guide shortcode...

WordPress plugin InPost Gallery 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-16772 · WordPress · Bne Gallery Extended

Name of the Vulnerable Software and Affected Versions: BNE Gallery Extended plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode due to insufficient input sanitization and output escaping on...

PT-2024-39468 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wcj product meta shortcode due to insufficient input sanitization and output...

PT-2024-16694 · WordPress · Inpost Gallery

Name of the Vulnerable Software and Affected Versions: InPost Gallery plugin for WordPress versions up to, and including, 2.1.4.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software not properly validatin...

WordPress BNE Gallery Extended plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via gallery Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin BNE Gallery Extended versions = 1.2.1...

WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sptify Play Button for WordPress versions = 2.11...

WordPress InPost Gallery plugin <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via inpostgallerygetshortcodetemplate vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin InPost Gallery versions = 2.1.4.2...

WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions = 1.2.5...

CVE-2024-10709

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10709 YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10709

CVE-2024-10709 affects the YaDisk Files WordPress plugin up to version 1.2.5. Red Hat and multiple sources confirm a stored cross-site scripting (XSS) vulnerability where shortcode attributes are not properly validated/escaped before being output in posts/pages, enabling users with the contributo...

PT-2024-16482

Name of the Vulnerable Software and Affected Versions YaDisk Files WordPress plugin versions 1.2.5 and earlier Description The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom Shortcode Sidebars versions = 1.2...

CVE-2024-11034

The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via firecontactform AJAX action in all versions up to, and including, 1.4. This is due to the software...