WordPress LifterLMS plugin <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin LifterLMS versions = 7.6.2...

PT-2024-32374 · WordPress · Testimonials Widget

Name of the Vulnerable Software and Affected Versions: Testimonials Widget plugin for WordPress versions up to, and including, 4.0.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's testimonials shortcode due to insufficient input sanitization and output escaping ...

WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Content Blocks Custom Post Widget versions = 3.3.0...

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

WordPress HUSKY plugin <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Richard Telleng stueotue in WordPress Plugin HUSKY versions = 1.3.5.3...

CVE-2024-4362

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-3518

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

WordPress All-in-One Video Gallery plugin <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via aiovgsearchform Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin All-in-One Video Gallery versions = 3.6.5...

CVE-2024-4383

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Simple Membership plugin <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Simple Membership versions = 4.4.5...

WordPress Leaflet Maps Marker plugin <= 3.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Leaflet Maps Marker versions = 3.12.8...

PT-2024-25232 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode due to insufficient input sanitization an...

PT-2024-24873 · WordPress · Follow Us Badges

Name of the Vulnerable Software and Affected Versions: Follow Us Badges plugin for WordPress versions up to, and including, 3.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpsite follow us badges shortcode due to insufficient input sanitization and output...

WordPress WordPress Header Builder Plugin – Pearl plugin <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Pearl versions = 1.3.6...

WordPress Grid Gallery – Photo Image Grid Gallery plugin <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode vulnerability

Authenticated Contributor+ PHP Object Injection via shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Grid Gallery versions = 1.4.3...

WordPress Inline Google Spreadsheet Viewer plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Inline Google Spreadsheet Viewer versions = 0.13.2...

WordPress Photo Gallery plugin <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Shortcode vulnerability

AuthenticatedContributor+ PHP Object Injection via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Photo Gallery – Responsive Photo Gallery versions = 1.4.2...

WordPress All in One SEO plugin <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin All In One SEO Pack versions = 4.6.0...

WordPress WP ULike plugin <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Richard Telleng stueotue in WordPress Plugin WP ULike versions = 4.6.9...

WordPress Simple Membership plugin <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Thanh Nam Tran in WordPress Plugin Simple Membership versions = 4.4.3...