PT-2024-34970 · Unknown · Sazzad Hu Image Carousel Shortcode

Name of the Vulnerable Software and Affected Versions: Sazzad Hu Image Carousel Shortcode versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that the...

CVE-2024-9839

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-10262

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible fo...

CVE-2024-10262 Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible fo...

CVE-2024-9839 Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-10262 Drop Shadow Boxes <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible fo...

CVE-2024-9839

CVE-2024-9839 concerns the WordPress plugin Uix Slideshow . It is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 1.6.5 , caused by executing an action that does not properly validate values before running do_shortcode. Connected sources collapse th...

CVE-2024-10262

The CVE-2024-10262 entry concerns the WordPress plugin Drop Shadow Boxes (versions

CVE-2024-9839 Uix Slideshow <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress Drop Shadow Boxes plugin <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Drop Shadow Boxes versions = 1.7.14...

WordPress Uix Slideshow plugin <= 1.6.5 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Uix Slideshow versions = 1.6.5...

CVE-2024-10113

The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenterad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-10113

The vulnerability CVE-2024-10113 affects the WordPress plugin WP AdCenter – Ad Manager & Adsense Ads, specifically via the wpadcenter_ad shortcode. The issue is a Stored Cross-Site Scripting (XSS) in all versions up to and including 2.5.7 caused by insufficient input sanitization and output escap...

PT-2024-39878 · WordPress · Uix Slideshow

Name of the Vulnerable Software and Affected Versions: The Uix Slideshow plugin for WordPress versions up to, and including, 1.6.5 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes it...

PT-2024-16063 · WordPress · Steel

Name of the Vulnerable Software and Affected Versions: The Steel plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's btn shortcode due to insufficient input sanitization and output escaping on user-supplied...

PT-2024-16143 · WordPress · Drop Shadow Boxes

Name of the Vulnerable Software and Affected Versions: Drop Shadow Boxes plugin for WordPress versions up to, and including, 1.7.14 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-9578

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...

CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...

CVE-2024-9578

CVE-2024-9578 : The Hide Links WordPress plugin is vulnerable in all versions up to and including 1.4.2, allowing unauthenticated attackers to execute arbitrary shortcodes by abusing do_shortcode via the comment_text filter. Impact is unauthenticated shortcode execution on the target site. Remedi...

CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...