8997 matches found
CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Tithe.ly Giving Button 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Geoportail Shortcode 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin.... A cross-site request forgery...
PT-2024-17338 · WordPress · Animated Counters
Name of the Vulnerable Software and Affected Versions: Animated Counters plugin for WordPress versions up to, and including, 2.0 Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode due to insufficient inp...
CVE-2024-12459
CVE-2024-12459 – WordPress Ganohrs Toggle Shortcode : A stored XSS vulnerability exists in the Ganohrs Toggle Shortcode plugin for WordPress, affecting versions up to 0.2.4. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes used by the plugin’s t...
CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
PT-2024-17231 · WordPress · Tcbd Popover
Name of the Vulnerable Software and Affected Versions: TCBD Popover plugin for WordPress versions prior to 1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image' shortcode due to insufficient input sanitization and output escaping on user-suppli...
WordPress plugin Ganohrs Toggle Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-17247 · WordPress · Post Carousel & Slider
Name of the Vulnerable Software and Affected Versions: The Post Carousel & Slider plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode due to insufficient input sanitization and output...
PT-2024-17315 · WordPress · Stripe Donation Plugin
Name of the Vulnerable Software and Affected Versions: Stripe Donation plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stripe donation' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin Get Post Content Shortcode 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-17602 · WordPress · Ganohrs Toggle Shortcode
Name of the Vulnerable Software and Affected Versions: Ganohrs Toggle Shortcode plugin for WordPress versions up to, and including, 0.2.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode due to insufficient input sanitization and output escaping...
PT-2024-17595 · WordPress · Post To Pdf
Name of the Vulnerable Software and Affected Versions: Post to Pdf plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gmptp single post' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17636 · WordPress · Woocommerce Cart Count Shortcode
Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode plugin for WordPress versions up to, and including, 1.0.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the cart button shortcode. This...
PT-2024-17639 · WordPress · States Map Us
Name of the Vulnerable Software and Affected Versions: The States Map US plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the states...
PT-2024-17313 · WordPress · Cricket Live Score
Name of the Vulnerable Software and Affected Versions: Cricket Live Score plugin for WordPress versions prior to 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cricket score' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17312 · WordPress · Kredeum Nfts
Name of the Vulnerable Software and Affected Versions: Kredeum NFTs versions up to, and including, 1.6.9 Description: The Kredeum NFTs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum opensky' shortcode due to insufficient input sanitization and output...