9014 matches found
PT-2025-3701 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions prior to 3.25.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, a...
PT-2025-2249 · WordPress · Embed Swagger
Name of the Vulnerable Software and Affected Versions: Embed Swagger UI plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2025-2241 · WordPress · Music Sheet Viewer
Name of the Vulnerable Software and Affected Versions: Music Sheet Viewer plugin for WordPress versions up to, and including, 4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'pn msv' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-2143 · WordPress · Alex Reservations
Name of the Vulnerable Software and Affected Versions: Alex Reservations: Smart Restaurant Booking plugin for WordPress versions up to, and including, 2.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'rr form' shortcode due to insufficient input sanitization...
PT-2025-2127 · WordPress · Stockdio Historical Chart
Name of the Vulnerable Software and Affected Versions: Stockdio Historical Chart plugin for WordPress versions up to, and including, 2.8.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode due to insufficient input sanitizatio...
PT-2025-2228 · WordPress · Wordpress Survey & Poll
Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to and including 1.7.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject SQL queries via the id attribute o...
PT-2025-1851 · WordPress · Wp Dispensary
Name of the Vulnerable Software and Affected Versions: WP Dispensary plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpd menu' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-2184 · WordPress · Atakan Au Automatically Hierarchic Categories In Menu
Name of the Vulnerable Software and Affected Versions: Automatically Hierarchic Categories in Menu plugin for WordPress versions up to, and including, 2.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode due to insufficient input...
PT-2025-1853 · WordPress · Html5 Chat Plugin
Name of the Vulnerable Software and Affected Versions: HTML5 Chat Plugin for WordPress versions 1.04 and earlier Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the HTML5 chat plugin for WordPress. This vulnerability is due to insufficient input sanitization and...
CVE-2024-13561 Target Video Easy Publish <= 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via brid_override_yt Shortcode
The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bridoverrideyt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-2218 · WordPress · Target Video Easy Publish
Name of the Vulnerable Software and Affected Versions: Target Video Easy Publish plugin for WordPress versions up to, and including, 3.8.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's brid override yt shortcode due to insufficient input sanitization and output...
WordPress Philantro plugin <= 5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via donate Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via donate Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Philantro versions = 5.3...
PT-2025-2207 · WordPress · The Philantro – Donations/Donor Management
Name of the Vulnerable Software and Affected Versions: The Philantro – Donations and Donor Management plugin for WordPress versions up to, and including, 5.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes, such as donate, due to insufficient input...
WordPress ThemeREX Addons plugin <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability
Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin ThemeREX Addons versions = 2.33.0...
CVE-2024-10633
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...
CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...
CVE-2024-10633 Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Unauthenticated Arbitrary Shortcode Execution via content
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 Business, up to, and including, 21.8.0 Developer, and up to, and including, 31.8.0 Agency. This is due to the software allowing users to...
CVE-2024-10633
CVE-2024-10633 affects the Quiz Maker Business, Developer, and Agency WordPress plugins. The vulnerability arises from improper validation before do_shortcode, enabling unauthenticated users to execute arbitrary shortcodes. Impact is characterized as arbitrary shortcode execution with network-acc...
WordPress plugin Quiz Maker Business, Developer, and Agency 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-13586
The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...