9014 matches found
CVE-2024-12415 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution
The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible...
CVE-2024-13472
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...
CVE-2024-13472 WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...
CVE-2024-13472
CVE-2024-13472 affects the WordPress plugin “WooCommerce Product Table Lite” (versions up to and including 3.9.4). The issue allows unauthenticated attackers to achieve arbitrary shortcode execution due to improper validation before running do_shortcode, and the same sc_attrs parameter is vulnera...
WordPress Ticketmeo plugin <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Ticketmeo versions <= 2.3.6...
CVE-2024-13101
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2025-2153 · WordPress · Wpradio
Name of the Vulnerable Software and Affected Versions: WPRadio – WordPress Radio Streaming Plugin versions up to, and including, 1.0.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wpradio player shortcode. This allows...
PT-2025-1837 · WordPress · Ai Infographic Maker
Name of the Vulnerable Software and Affected Versions: AI Infographic Maker plugin for WordPress versions up to, and including, 4.9.0 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes i...
PT-2025-2152 · WordPress · Frictionless
Name of the Vulnerable Software and Affected Versions: Frictionless plugin for WordPress versions up to, and including, 0.0.23 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the frictionless form shortcode. This allows...
PT-2025-2187 · WordPress · Woocommerce Product Table Lite
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.9.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before runnin...
WordPress AI Infographic Maker plugin <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Infographic Maker – iList versions <= 4.9.0...
WordPress WooCommerce Product Table Lite plugin <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability
Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin WooCommerce Product Table Lite versions <= 3.9.4...
CVE-2024-8494
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
CVE-2024-13700
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13670
The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13349
The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...