Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS
The last time it was checked the plugin was still affected and had been closed. PoC http://www.example.com/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...
Spider Catalog 1.4.6 Multiple Vulnerabilities
Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross-site scripting, path disclosure, and remote SQL injection vulnerabilities. Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...
CVE-2012-5350
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode...
CVE-2012-5325
Multiple cross-site scripting (XSS) vulnerabilities in the scrdoredirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the scrdoredirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a...
CVE-2012-5325
The vulnerability CVE-2012-5325 affects the WordPress Shortcode Redirect plugin (
CVE-2012-5325
Multiple cross-site scripting (XSS) vulnerabilities in the scrdoredirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a...
WordPress Shortcode Redirect Plugin <= 1.0.01 - Multiple XSS
Because of these vulnerabilities, authenticated users with certain permissions can inject arbitrary web script or HTML. Solution: Update the plugin...
WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure
Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins : http://downloads.wordpress.org/plugin/simple-download-button-shortcode.1.0.0.zip Date :...
Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure
Exploit for php platform in category web applications Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins :...
WordPress Shortcode Redirect 1.0.01 Stored Cross Site Scripting
Exploit Title: Wordpress Shortcode Redirect plugin = 1.0.01 Stored XSS Dork: inurl:/wp-content/plugins/shortcode-redirect/ Date: 2012/01/18 Author: Gianluca Brindisi gATbrindi.si @gbrindisi http://brindi.si/g/ Software Link: http://downloads.wordpress.org/plugin/shortcode-redirect.1.0.01.zip...
WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities
WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities Exploit Title: Wordpress Pay With Tweet plugin XSS After submitting the tweet: ?title=XSS&dl=REDIRECT-TO-URL%27"XSS The final download link will be replaced with REDIRECT-TO-URL POC:...