CVE-2021-24880

The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

Cross site scripting

The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

Wordpress Plugin SupportCandy 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in Wordpress Plugin SupportCandy, which stems from the product's failure to effectively hand...

WordPress Custom Content Shortcode plugin <= 3.8.9 - Unauthorized Arbitrary Post Metadata Access vulnerability

Unauthorized Arbitrary Post Metadata Access vulnerability discovered by Francesco Carlucci in WordPress Custom Content Shortcode plugin versions = 3.8.9. Solution Update the WordPress Custom Content Shortcode plugin to the latest available version at least 4.0.0...

WordPress Custom Content Shortcode plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Francesco Carlucci in WordPress Custom Content Shortcode plugin versions = 4.0.1. Solution Update the WordPress Custom Content Shortcode plugin to the latest available version at least 4.0.2...

WordPress Custom Content Shortcode plugin <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion (LFI) vulnerability

Authenticated Arbitrary File Access / Local File Inclusion LFI vulnerability discovered by Francesco Carlucci in WordPress Custom Content Shortcode plugin versions = 4.0.1. Solution Update the WordPress Custom Content Shortcode plugin to the latest available version at least 4.0.2...

Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access

The field shortcode included with the plugin, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved PoC With...

Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI

The plugin does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion attacks as PHP files will be executed. Please note...

Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them, which could allow Contributor+ v Preferences Panels and enable the Custom Fields, such as testxss with a value of Then add the following shortcode to the post field testxss and view/preview it to trigger the XSS...

Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI

The plugin does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion attacks as PHP files will be executed. Please note...

Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them, which could allow Contributor+ v Preferences Panels and enable the Custom Fields, such as testxss with a value of alert/XSS/ Then add the following shortcode to the post field testxss and view/preview it to trigger the XSS...

Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting

The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Settings which gets injected on the edit page as well as any page that embeds the calculator using the shortcode, as well as the Text...

Cost Calculator <= 1.8 - Authenticated Local File Inclusion

The plugin allows authenticated users Contributor+ in versions 1.5, and Admin+ in versions = 1.8 to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout As a contributor, create a Cost Calculator post, set the Layout to...

WP User < 7.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues PoC PAGEWITHSHORTCODE is a page with the wpuser shortcode embed https://example.com/?pageid=PAGEWITHSHORTCODEid="...

WP User < 7.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues PAGEWITHSHORTCODE is a page with the wpuser shortcode embed https://example.com/?pageid=PAGEWITHSHORTCODE&formid="alert/XSS/...

WordPress Mortgage Calculators WP 1.52 Cross Site Scripting

Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting XSS Authenticated Date: 25-10-2021 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE :...

WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting XSS Authenticated Date: 25-10-2021 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE :...

WordPress Custom Content Shortcode plugin <= 3.8.9 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered in WordPress Custom Content Shortcode plugin versions = 3.8.9. Solution Update the WordPress Custom Content Shortcode plugin to the latest available version at least 4.0.0...

Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting

The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. 1. Go to settings page available under the "Calculato...

SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks PoC supportcandy page="init';alert/XSS///"...