CVE-2024-11034
The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via the fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software...
CVE-2024-11228
CVE-2024-11228 affects the WordPress plugin pgall-for-woocommerce (워드프레스 결제 심플페이 – 우커머스 결제 플러그인)
CVE-2024-11231 우커머스 네이버페이 <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via mnp_purchase Shortcode
The 우커머스 네이버페이 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11034 Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form
The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via the fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software...
CVE-2024-11034
The CVE-2024-11034 entry concerns the WordPress plugin “Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation.” Connected sources confirm that all versions up to and including 1.4 are vulnerable to arbitrary shortcode execution via the...
WordPress 워드프레스 결제 심플페이 plugin <= 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting pafw_instant_payment Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin 워드프레스 결제 심플페이 versions <= 5.1.4...
WordPress Request a Quote for WooCommerce and Elementor plugin <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form vulnerability
Unauthenticated Arbitrary Shortcode Execution via fire_contact_form vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Request a Quote for WooCommerce and Elementor versions <= 1.4...
CVE-2024-10886 Tribute Testimonials – WordPress Testimonial Grid/Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tribute Testimonials – WordPress Testimonial Grid/Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tributetestimonialsslider' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user...
PT-2024-16816 · WordPress · Rescue Shortcodes
Name of the Vulnerable Software and Affected Versions: Rescue Shortcodes plugin for WordPress versions up to, and including, 2.9 Description: The issue is related to Stored Cross-Site Scripting via the rescue progressbar shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16719 · WordPress · Request A Quote For Woocommerce/Elementor – Get A Quote Button – Product Enquiry Form Popup – Product Quotation
Name of the Vulnerable Software and Affected Versions: The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress versions up to, and including, 1.4 Description: The issue allows arbitrary shortcode execution via th...
PT-2024-16846 · WordPress · 우커머스 네이버페이
Name of the Vulnerable Software and Affected Versions: 우커머스 네이버페이 plugin for WordPress versions up to, and including, 3.3.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16841 · WordPress · Memberlite Shortcodes
Name of the Vulnerable Software and Affected Versions: Memberlite Shortcodes plugin for WordPress versions up to, and including, 1.3.9 Description: The issue is related to Stored Cross-Site Scripting via the memberlite accordion shortcode due to insufficient input sanitization and output escaping...
PT-2024-16981 · WordPress · The Autolisticle
Name of the Vulnerable Software and Affected Versions: The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode due to...
PT-2024-16965 · WordPress · Slotti Ajanvaraus
Name of the Vulnerable Software and Affected Versions: Slotti Ajanvaraus plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'slotti' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16951 · WordPress · Easy Liveblogs
Name of the Vulnerable Software and Affected Versions: Easy Liveblogs plugin for WordPress versions up to, and including, 2.3.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'elb liveblog' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-11388
The Dino Game – Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2024-10671
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...
CVE-2024-10172
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2024-10696
CVE-2024-10696 affects UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. Versions