712 matches found
PT-2024-39965 · WordPress · Wp Show More
Name of the Vulnerable Software and Affected Versions: WP show more plugin for WordPress versions up to, and including, 1.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's show more shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode
The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via scembedplayer Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions = 1.9.13...
PT-2024-39923 · WordPress · Streamweasels Twitch Integration
Name of the Vulnerable Software and Affected Versions: StreamWeasels Twitch Integration plugin for WordPress versions up to, and including, 1.8.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode due to insufficient input sanitization and...
WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpsaiosnapchat Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Click to Chat – WP Support All-in-One Floating Widget versions = 2.3.3...
CVE-2024-10055
The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Arconix Shortcodes plugin <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.12...
WordPress Rescue Shortcodes plugin <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Rescue Shortcodes versions = 2.8...
WordPress Social Sharing (by Danny) plugin <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Sharing by Danny versions = 1.3.7...
CVE-2024-9704
The Social Sharing by Danny plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvksocialsharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
PT-2024-39372 · WordPress · Wp Gpx Map
Name of the Vulnerable Software and Affected Versions: WP GPX Maps plugin for WordPress versions up to, and including, 1.7.08 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode due to insufficient input sanitization and output escaping on...
WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPZOOM Shortcodes versions = 1.0.5...
CVE-2024-8623
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Thi...
PT-2024-38969 · WordPress · Share This Image
Name of the Vulnerable Software and Affected Versions: Share This Image plugin for WordPress versions up to, and including, 2.02 Description: The issue is related to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-3998
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Foxyyy in WordPress Theme Betheme versions = 27.5.6...
CVE-2024-1384
The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Custom Field For WP Job Manager plugin <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability
Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Field For WP Job Manager versions = 1.2...
WordPress WP MultiTasking plugin <= 0.1.12 - Reflected XSS via Shortcode vulnerability
Reflected XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin WP MultiTasking versions = 0.1.12...
PT-2024-37694 · WordPress · Sheet To Table Live Sync For Google Sheet
Name of the Vulnerable Software and Affected Versions: The Sheet to Table Live Sync for Google Sheet plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's STWT Sheet Table shortcode due to insufficient input...