1408 matches found
Shortcodes Ultimate < 5.10.2 - Contributor+ Stored XSS
The plugin allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design like subutton's onclick attribute. Po...
CVE-2021-24471
The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues by 1. using w, h, controls, cclang, color, language, start, stop, or style parameter of youtube shortcode, 2. by using style, class, rel, target,...
CVE-2021-24468
The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues...
Leaflet Map < 3.0.0 - Contributor+ Stored XSS
The plugin does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributor to exploit stored XSS issues. Most of the shortcode attributes are not escaped, so this is just one of them: leaflet-map...
WordPress Plugin WordPress File Upload Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. The Iptanus WordPress File Upload plugin is one of its file upload plugins. A security vulnerability exists in...
CVE-2018-9172
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
Default credentials
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...