PT-2024-16553 · WordPress · Boostify Header Footer Builder

Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Information Exposure, where authenticated attackers with Contributor-level access and above can extrac...

PT-2024-16093 · WordPress · Slickstream

Name of the Vulnerable Software and Affected Versions: Slickstream: Engagement and Conversions plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's slick-grid shortcode due to insufficient input sanitization an...

WordPress plugin RSS Feed Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-52352

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0...

CVE-2024-52352

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in miloandrew Postcasa Shortcode postcasa allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through = 1.0...

CVE-2024-52352 WordPress Postcasa Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in miloandrew Postcasa Shortcode postcasa allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through = 1.0...

CVE-2024-52352

CVE-2024-52352 is a DOM-based Cross-Site Scripting flaw in the WordPress plugin Postcasa Shortcode. The vulnerability affects Postcasa Shortcode versions up to 1.0 and is exploitable in an authenticated context (Contributor+). Descriptions from Red Hat and Wordfence corroborate that the issue ena...

CVE-2024-52352 WordPress Postcasa Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0...

CVE-2024-51573 WordPress ML Responsive Audio plugin <= 0.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ersatzpole ML Responsive Audio player with playlist Shortcode mlr-audio allows Stored XSS.This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through = 0.2...

WordPress WP Photo Album Plus plugin <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay vulnerability

Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Photo Album Plus versions = 8.8.08.007...

WordPress plugin Postcasa Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin ML Responsive Audio player with playlist Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin ML Responsive Audio player wi...

PT-2024-16471 · WordPress · Futurio Extra

Name of the Vulnerable Software and Affected Versions: Futurio Extra plugin for WordPress versions up to, and including, 2.0.13 Description: The issue concerns Information Exposure via the elementor-template shortcode due to insufficient restrictions on which posts can be included. This allows...

Exploit for Code Injection in Wppa Wp_Photo_Album_Plus

WordPress WP Photo Album Plus Arbitrary Shortcode Execution...

CVE-2024-10958

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10958

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10958 WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10958 WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10958

CVE-2024-10958 affects the WP Photo Album Plus WordPress plugin. The Red Hat and Wordfence sources confirm an unauthenticated arbitrary shortcode execution vulnerability via the getshortcodedrenderedfenodelay AJAX action in versions up to 8.8.08.007. The underlying issue is a lack of proper valid...

CVE-2024-51576

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPZA AMP Img Shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through 1.0.1...