8997 matches found
PT-2024-17249 · WordPress · Particle Background
Name of the Vulnerable Software and Affected Versions: Particle Background plugin for WordPress versions up to, and including, 1.0.2 Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode due to insufficie...
CVE-2024-11740
The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution
The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-11740
The CVE-2024-11740 entry concerns the WordPress Download Manager plugin (versions up to and including 3.3.03). The root cause is improper validation before executing do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes via an action. This results in an unauthenticated ...
WordPress Download Manager plugin <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Download Manager versions <= 3.3.03...
CVE-2024-12061
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
PT-2024-17598 · WordPress · Video Share Vod – Turnkey Video Site Builder Script
Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions prior to 2.6.31 Description: The issue is related to Stored Cross-Site Scripting in the plugin's videowhisper player html shortcode due to insufficient input...
PT-2024-16993 · WordPress · Scancircle
Name of the Vulnerable Software and Affected Versions: ScanCircle plugin for WordPress versions up to, and including, 2.9.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's scancircle shortcode. This allows...
PT-2024-17318 · WordPress · Easy Waveform Player
Name of the Vulnerable Software and Affected Versions: Easy Waveform Player plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode due to insufficient input sanitization and output...
WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 (Patchstack Alliance) in WordPress Plugin Category Post Shortcode versions <= 2.4...
CVE-2024-54414
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS. This issue affects Geoportail Shortcode: from n/a through <= 2.4.4...
CVE-2024-54414 WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS. This issue affects Geoportail Shortcode: from n/a through <= 2.4.4...
CVE-2024-54414
CVE-2024-54414 refers to a Cross-Site Request Forgery to Stored Cross-Site Scripting issue in the WordPress plugin Geoportail Shortcode. Connected records indicate affected versions are up to 2.4.4, with the root cause described as CSRF enabling stored XSS. The Red Hat entry and ENISA/Wordfence aggregat...
WordPress Tithe.ly Giving Button plugin <= 1.1 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Tithe.ly Giving Button versions <= 1.1...
CVE-2024-11841
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11841
CVE-2024-11841 concerns the Tithe.ly Giving Button WordPress plugin (versions up to 1.1), where shortcode attributes are not properly escaped/validated before output. This can enable Stored Cross-Site Scripting (XSS) attacks when a page or post embeds the shortcode and an attacker with Cont...