
73 matches found

Positive Technologies
added 2024/12/04 12:0 a.m. · 2 views

PT-2024-17295 · WordPress · Listdom

Name of the Vulnerable Software and Affected Versions: Listdom – Business Directory and Classified Ads Listings WordPress Plugin versions up to, and including, 3.7.0 Description: The issue is related to Stored Cross-Site Scripting via the shortcode parameter due to insufficient input sanitization...

CVSS 6.4 · AI score 6.1 · EPSS 0.00233
Exploits 0 · References 7

Patchstack
added 2024/12/03 11:49 p.m. · 1 view

WordPress Listdom plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Listdom versions <= 3.7.0...

CVSS 6.4 · AI score 5.8 · EPSS 0.00233
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/04/10 5:15 a.m. · 6 views

CVE-2024-3020

The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is prese...

CVSS 7.2 · AI score 7.1 · EPSS 0.01175
Exploits 0 · References 2

Cvelist
added 2024/04/10 4:30 a.m. · 16 views

CVE-2024-3020 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection

The plugin is vulnerable to PHP Object Injection in versions up to, and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access, to inject a PHP Object. If a POP chain is prese...

CVSS 7.2 · AI score 7.3 · EPSS 0.01175
Exploits 0 · References 2

Positive Technologies
added 2024/04/10 12:0 a.m. · 1 view

PT-2024-23248 · Shapedplugin · Carousel +3

Name of the Vulnerable Software and Affected Versions: Plugin versions up to and including 2.6.3 Description: The issue allows authenticated attackers with administrator-level access to inject a PHP Object via deserialization of untrusted input in the import function using the shortcode parameter...

CVSS 7.2 · AI score 7.5 · EPSS 0.01175
Exploits 0 · References 4

OSV
added 2023/10/16 8:15 p.m. · 1 view

CVE-2023-5177

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...

CVSS 5.3 · AI score 7.3
Exploits 0 · References 1

OSV
added 2018/09/06 11:29 p.m. · 2 views

CVE-2018-16285

The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php...

CVSS 6.1 · AI score 5.8 · EPSS 0.01634
Exploits 2 · References 2

Prion
added 2018/09/06 11:29 p.m. · 14 views

Design/Logic Flaw

The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php...

CVSS 4.3 · AI score 5.9 · EPSS 0.01634
Exploits 2 · References 2 · Affected Software 1

CNVD
added 2018/03/29 12:0 a.m. · 1 view

WordPress WooCommerce Products Filter Plugin File Inclusion Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation in the PHP language; it lets users set up a personal blog site on a server that supports PHP and MySQL. WooCommerce Products Filter (aka WOOF) is one of its conditional filtering plugins. A file inclusion...

CVSS 9.8 · AI score 6.3 · EPSS 0.01119
Exploits 0 · References 1

Prion
added 2018/03/14 7:29 p.m. · 14 views

Remote code execution

A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...

CVSS 7.5 · AI score 9.7 · EPSS 0.23768
Exploits 0 · References 3 · Affected Software 1

NVD
added 2018/03/14 7:29 p.m. · 13 views

CVE-2018-8710

A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...

CVSS 9.8 · AI score 9.8 · EPSS 0.23768
Exploits 0 · References 3

ATTACKERKB
added 2018/03/14 7:29 p.m. · 1 view

CVE-2018-8711

A local file inclusion issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be...

CVSS 9.8 · AI score 5.6 · EPSS 0.01119
Exploits 0 · References 6

Prion
added 2014/07/02 6:55 p.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

CVSS 4.3 · AI score 6.2 · EPSS 0.00174
Exploits 1 · References 1 · Affected Software 1