WordPress GamiPress plugin <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings vulnerability

Unauthenticated Arbitrary Shortcode Execution via gamipressgetuserearnings vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin GamiPress versions = 7.1.5...

WordPress plugin Testimonial Slider Shortcode 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...

WordPress plugin Embed documents shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

WordPress plugin Semantic Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress plugin Geoportail Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Boombox Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Add Ribbon Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2024-34994 · Unknown · Agnel Waghela Shortcode Collection

Name of the Vulnerable Software and Affected Versions: Agnel Waghela Shortcode Collection versions 1.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can inject...

PT-2024-16147 · Sonaar · Mp3 Audio Player – Music Player

Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sonaar audioplayer shortcode due t...

PT-2024-16721 · WordPress · Wpb Popup For Contact Form 7

Name of the Vulnerable Software and Affected Versions: WPB Popup for Contact Form 7 versions 1.7.5 and earlier Description: The issue is related to arbitrary shortcode execution via the wpb pcf fire contact form AJAX action. This is due to the software allowing users to execute an action that doe...

WordPress plugin WPB Popup for Contact Form 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-34954 · Unknown · Boombox Shortcode

Name of the Vulnerable Software and Affected Versions: Boombox Shortcode versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to...

WordPress plugin Shortcode Collection 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2024-35036 · Joan Boluda · Embed Documents Shortcode

Name of the Vulnerable Software and Affected Versions: Joan Boluda Embed documents shortcode versions 1.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. The Embed...

WordPress plugin Image Carousel Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2024-34970 · Unknown · Sazzad Hu Image Carousel Shortcode

Name of the Vulnerable Software and Affected Versions: Sazzad Hu Image Carousel Shortcode versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that the...

CVE-2024-9839

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-10262

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible fo...

CVE-2024-10262 Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible fo...

CVE-2024-9839 Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...