8962 matches found
WordPress Plugin Google Maps v3 Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection
Software: Shortcode IMDB; Type: Plugin; Vulnerable versions: <= 6.0.8; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-47432; Patch priority: Low; CVSS severity: Low (6.7); PSID: 90dd9be6ea07; Credits: minhtuanact; Required privilege: Administrator; Publish...
Uji Popup <= 1.4.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Social Share Boost <= 4.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
File Gallery < 1.8.5.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0367
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to...
CVE-2023-1274 Pricing Tables For WPBakery Page Builder < 3.0 - Subscriber+ LFI
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated user, such as a subscriber, to perform LFI attacks...
CVE-2023-0367 Pricing Tables For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to...
CVE-2023-0367
CVE-2023-0367 affects the WordPress plugin Pricing Tables For WPBakery Page Builder (formerly Visual Composer) before 3.0. The issue arises from inadequate validation/escaping of certain shortcode attributes, allowing stored XSS when the shortcode is output on a page/post. Impact: potential Store...
CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this...
Locatoraid Store Locator < 3.9.15 - Contributor+ Stored Cross-Site Scripting
The plugin does not properly sanitize input and escape output in its shortcodes, leading to stored cross-site scripting vulnerabilities for authenticated users with contributor-level permissions or higher...
Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: pcs template='" onmouseover="alert1"...
WP Popups < 2.1.5.1 - Contributor+ Stored XSS
The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...
PT-2023-16853 · Wpbakery · Pricing Tables For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: Pricing Tables For WPBakery Page Builder (formerly Visual Composer) versions prior to 3.0. Description: The issue allows any authenticated users, such as subscribers, to perform Local File Inclusion (LFI) attacks due to the lack of validation of...
Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. pcs template='" onmouseover="alert1"...
Affiliate Links Lite <= 2.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Metform Elementor Contact Form Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...