712 matches found
PT-2024-16987 · WordPress · Ragic Shortcode
Name of the Vulnerable Software and Affected Versions: Ragic Shortcode plugin for WordPress versions up to, and including, 1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode due to insufficient input sanitization and output escaping on...
WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sp*tify Play Button for WordPress versions <= 2.11...
WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions <= 1.2.5...
WordPress 워드프레스 결제 심플페이 plugin <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting pafw_instant_payment Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin 워드프레스 결제 심플페이 versions <= 5.1.4...
PT-2024-16846 · WordPress · 우커머스 네이버페이
Name of the Vulnerable Software and Affected Versions: 우커머스 네이버페이 plugin for WordPress versions up to, and including, 3.3.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's mnp purchase shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16951 · WordPress · Easy Liveblogs
Name of the Vulnerable Software and Affected Versions: Easy Liveblogs plugin for WordPress versions up to, and including, 2.3.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'elb liveblog' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-11388
The Dino Game – Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2024-10172
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
PT-2024-16147 · Sonaar · Mp3 Audio Player – Music Player
Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sonaar audioplayer shortcode due t...
CVE-2024-10770
The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-34768 · Unknown · Edc Team Quran Shortcode
Name of the Vulnerable Software and Affected Versions: EDC Team Quran Shortcode versions 1.5 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection,...
WordPress Event Post plugin <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via events_cal Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions <= 5.9.6...
PT-2024-16101 · WordPress · Event Post Plugin
Name of the Vulnerable Software and Affected Versions: Event post plugin for WordPress versions up to, and including, 5.9.6 Description: The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode due to insufficient input sanitization an...
WordPress Contact Form 7 – Dynamic Text Extension plugin <= 4.5 - Information Disclosure via Shortcode vulnerability
Information Disclosure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Contact Form 7 – Dynamic Text Extension versions <= 4.5...
PT-2024-39639 · WordPress · Wp Simple Anchors Links
Name of the Vulnerable Software and Affected Versions: WP Simple Anchors Links plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpanchor shortcode due to insufficient input sanitization and output escaping ...
WordPress Widget or Sidebar Shortcode plugin <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Widget or Sidebar Shortcode versions <= 0.6.1...
WordPress T(-) Countdown plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin T(-) Countdown versions <= 2.4.8...
WordPress Newsletters plugin <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via newsletters_video Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Newsletters versions <= 4.9.9.4...
WordPress SW Kick Integration plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions <= 1.1.1...
WordPress StreamWeasels YouTube Integration plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via sw-youtube-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels YouTube Integration versions <= 1.3.2...