WP < 6.2.2 - Shortcode Execution in User Generated Data

Description WordPress allows shortcode to be executed in user generated data via block themes, which could allow unauthenticated users to execute shortcode via comments for instance...

WordPress 5.1.x < 5.1.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 6.1.x < 6.1.2 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.2.x < 4.2.35 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.6.x < 5.6.11 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.6.x < 4.6.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.8.x < 4.8.22 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.8.x < 5.8.7 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.3.x < 5.3.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.1.x < 4.1.38 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.4.x < 5.4.13 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.0.x < 5.0.19 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.2.x < 5.2.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.4.x < 4.4.30 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 6.2.x < 6.2.1 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 5.5.x < 5.5.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.5.x < 4.5.29 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 4.9.x < 4.9.23 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

WordPress 6.0.x < 6.0.4 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...

File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC fileup class='" onmouseover="alert1"'...