28 matches found
CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones...
WordPress plugin Booking Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2024-33999
Malicious code in bioql PyPI...
EUVD-2023-59188
Malicious code in bioql PyPI...
CVE-2023-1911
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...
PT-2025-2249 · WordPress · Embed Swagger
Name of the Vulnerable Software and Affected Versions: Embed Swagger UI plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-16969 · WordPress · Spotlight
Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17639 · WordPress · States Map Us
Name of the Vulnerable Software and Affected Versions: The States Map US plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the states...
PT-2024-17313 · WordPress · Cricket Live Score
Name of the Vulnerable Software and Affected Versions: Cricket Live Score plugin for WordPress versions prior to 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cricket score' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17628 · WordPress · Simple Locator
Name of the Vulnerable Software and Affected Versions: The Simple Locator plugin for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on...
CVE-2024-10689
CVE-2024-10689 pertains to XLTab – Accordions and Tabs for Elementor Page Builder (WordPress) versions up to 1.4, where an Information Exposure vulnerability allows authenticated attackers with Contributor-level access or higher to extract data from private or draft posts via the XLTAB_INSERT_TPL...
PT-2024-16918 · WordPress · Hls Player
Name of the Vulnerable Software and Affected Versions: HLS Player plugin for WordPress versions up to, and including, 1.0.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's hls player shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16103 · WordPress · The Anchor Episodes Index
Name of the Vulnerable Software and Affected Versions: The Anchor Episodes Index Spotify for Podcasters plugin for WordPress versions up to, and including, 2.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's anchor episodes shortcode due to insufficient input...
PT-2024-39356 · WordPress · Osm – Openstreetmap
Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm map and osm map v3 shortcodes due to insufficient input sanitization and outpu...
CVE-2024-4565
The Advanced Custom Fields ACF WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access...
PT-2024-31746 · WordPress · Layerslider
Name of the Vulnerable Software and Affected Versions: LayerSlider plugin for WordPress version 7.11.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ls search form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...
PT-2024-28794 · WordPress · Hcaptcha For Wordpress
Name of the Vulnerable Software and Affected Versions: hCaptcha for WordPress plugin for WordPress versions up to, and including, 4.0.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's cf7-hcaptcha shortcode, allowi...
PT-2024-15120 · WordPress · Ean For Woocommerce
Name of the Vulnerable Software and Affected Versions: EAN for WooCommerce plugin for WordPress versions up to, and including, 4.8.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'alg wc ean product meta' shortcode due to insufficient input sanitization and...
PT-2024-15170 · WordPress · The Pods – Custom Content Types/Fields
Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue allows authenticated attackers with contributor level access or higher to...
PT-2023-32278 · WordPress · Vk Filter Search
Name of the Vulnerable Software and Affected Versions: VK Filter Search plugin for WordPress versions up to, and including, 2.3.1 Description: The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk filter search' shortcode due to insufficient...