8997 matches found
PT-2024-17353 · WordPress · One Click Upsell Funnel For Woocommerce
Name of the Vulnerable Software and Affected Versions: The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress versions up to, and including, 3.4.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wps wocuf pro yes shortcode due to insufficient...
PT-2024-16813 · WordPress · Multi-Column Tag Map
Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map plugin for WordPress versions up to, and including, 17.0.33 Description: The issue is related to Stored Cross-Site Scripting via the plugin's mctagmap shortcode due to insufficient input sanitization and output escaping o...
PT-2024-17668 · WordPress · Magicpost
Name of the Vulnerable Software and Affected Versions: MagicPost plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wb share social shortcode due to insufficient input sanitization and output escaping on...
WordPress MagicPost plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wbsharesocial Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin MagicPost – WordPress文章管理功能增强插件 versions = 1.2.1...
WordPress Multi-column Tag Map plugin <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mctagmap Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Multi-column Tag Map versions = 17.0.33...
WordPress One Click Upsell Funnel for WooCommerce plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpswocufproyes Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin One Click Upsell Funnel for WooCommerce versions = 3.4.9...
WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions = 5.4.10...
WordPress Serious Slider plugin < 1.2.7 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Serious Slider versions 1.2.7...
CVE-2024-11108
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11108
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-17631 · WordPress · Nacc Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: NACC WordPress Plugin versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17248 · WordPress · Outdooractive Embed
Name of the Vulnerable Software and Affected Versions: Outdooractive Embed plugin for WordPress version 1.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17256 · WordPress · Sell Tickets Online – Ticketsource Ticket Shop
Name of the Vulnerable Software and Affected Versions: Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin versions up to, and including, 3.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode due to insufficient input...
PT-2024-17255 · WordPress · Financial Calculator
Name of the Vulnerable Software and Affected Versions: Financial Calculator plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's finance calculator shortcode due to insufficient input sanitization and output...
PT-2024-16969 · WordPress · Spotlight
Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17633 · WordPress · Embed Twine
Name of the Vulnerable Software and Affected Versions: Embed Twine plugin for WordPress versions up to, and including, 0.1.0 Description: The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed twine' shortcode due to insufficient input sanitizati...
PT-2024-17250 · WordPress · Pcrecruiter Extensions
Name of the Vulnerable Software and Affected Versions: PCRecruiter Extensions plugin for WordPress versions up to, and including, 1.4.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode due to insufficient input sanitization and output...
PT-2024-17327 · WordPress · Spoki
Name of the Vulnerable Software and Affected Versions: Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14 Description: The issue is related to Stored Cross-Site Scripting via the plugin's spoki button shortcode due to insufficient input...