CVE-2024-10899 WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-10899 WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-10899

CVE-2024-10899 affects WordPress plugin WooCommerce Product Table Lite up to version 3.8.6. It allows unauthenticated attackers to execute arbitrary shortcodes due to unvalidated input before do_shortcode, and the same id parameter is vulnerable to Reflected XSS. The remediation is to upgrade to ...

PT-2024-16091 · WordPress · Beds24 Online Booking

Name of the Vulnerable Software and Affected Versions: Beds24 Online Booking plugin for WordPress versions up to, and including, 2.0.26 Description: The issue is related to Stored Cross-Site Scripting via the plugin's beds24-link shortcode due to insufficient input sanitization and output escapin...

PT-2024-16995 · WordPress · Grey Owl Lightbox

Name of the Vulnerable Software and Affected Versions: The Grey Owl Lightbox plugin for WordPress versions up to, and including, 1.6.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gol button' shortcode due to insufficient input sanitization and output escapin...

WordPress plugin WooCommerce Product Table Lite 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-16970 · WordPress · Shine Pdf Embeder

Name of the Vulnerable Software and Affected Versions: Shine PDF Embeder plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode due to insufficient input sanitization and output escaping on...

WordPress WooCommerce Product Table Lite plugin <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WooCommerce Product Table Lite versions = 3.8.6...

CVE-2024-51898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sachin8600 Semantic Shortcode semantic-shortcode allows Stored XSS.This issue affects Semantic Shortcode: from n/a through = 1.0.1...

CVE-2024-51890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through = 2.4.4...

CVE-2024-51864

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Agnel Waghela Shortcode Collection shortcode-collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through = 1.4...

CVE-2024-51842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through = 1.2...

CVE-2024-51827

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Movement Ventures Boombox Shortcode boombox-shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through = 1.0.0...

CVE-2024-51823

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SherkSpear Add Ribbon Shortcode add-ribbon allows DOM-Based XSS.This issue affects Add Ribbon Shortcode: from n/a through = 1.0.1...

CVE-2024-51804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobmatnyc Moka Get Posts Shortcode moka-get-posts allows DOM-Based XSS.This issue affects Moka Get Posts Shortcode: from n/a through = 1.0...

CVE-2024-51804 WordPress Moka Get Posts Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bob Matsuoka Moka Get Posts Shortcode allows DOM-Based XSS.This issue affects Moka Get Posts Shortcode: from n/a through 1.0...

CVE-2024-51804

CVE-2024-51804 : DOM-based XSS in WordPress plugin Moka Get Posts Shortcode (moka-get-posts)

CVE-2024-51823 WordPress Add Ribbon Shortcode plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SherkSpear Add Ribbon Shortcode add-ribbon allows DOM-Based XSS.This issue affects Add Ribbon Shortcode: from n/a through = 1.0.1...

CVE-2024-51823 WordPress Add Ribbon Shortcode plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sherwin Calims Add Ribbon Shortcode allows DOM-Based XSS.This issue affects Add Ribbon Shortcode: from n/a through 1.0.1...

CVE-2024-51823

CVE-2024-51823 concerns the WordPress plugin Add Ribbon Shortcode (vulnerable up to 1.0.1) and describes a DOM‑Based XSS caused by improper input neutralization during web page generation. The description in the initial document states Cross-site Scripting for Add Ribbon Shortcode and lists affec...