Code injection

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...

CVE-2022-33970 WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...

CVE-2022-33970

CVE-2022-33970 affects the WordPress Shortcode Addons plugin (versions up to and including 3.1.2). The vulnerability allows authenticated users to change plugin options, indicating an issue in access control for option/configuration changes. The issue is confirmed across multiple sources (NVD/NIS...

WordPress plugin Shortcode Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.1.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.2.0...

CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

CVE-2022-34487

CVE-2022-34487 affects WordPress Shortcode Addons plugin versions ≤ 3.0.2. Nuclei template and related reports describe an unauthenticated arbitrary option update due to insufficient access controls, enabling attackers to modify plugin options without authentication. Impact is potential site defa...

CVE-2022-34487 WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

PT-2022-22178 · WordPress · Shortcode Addons

Name of the Vulnerable Software and Affected Versions: biplob018's Shortcode Addons plugin versions 3.0.2 and earlier Description: The issue is related to an Unauthenticated Arbitrary Option Update vulnerability. This allows for unauthorized modifications to options. Recommendations: For versions...

WordPress plugin Shortcode Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Shortcode For Current Date plugin <= 2.1.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ryan Dewhurst in WordPress Shortcode For Current Date plugin versions = 2.1.6. Solution Update the WordPress Shortcode for Current Date plugin to the latest available version at least 2.1.7...

Shortcode For Current Date < 2.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the some of its shortcode's attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC currentdate format='d/m/Y' size="10px;position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px'...

Shortcode For Current Date < 2.1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the some of its shortcode's attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks currentdate format='d/m/Y' size="10px;position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px'...

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting On a post/page where the paocdetails display="keyxxx" shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E e.g:...

Popup Anything < 2.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting PoC On a post/page where the paocdetails display="keyxxx" shortcode is embed, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E...

WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.0.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.0.3...

VulnCheck KEV: CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

Unpublished, protected files can be published via shortcode

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. Draft protected images can be published by changing an existing image shortcode on website content to...

CVE-2022-29858

Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content...