8997 matches found
CVE-2024-11036
The The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressgetuserearnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...
CVE-2024-11036
The The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressgetuserearnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...
CVE-2024-11036 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings
The The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressgetuserearnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...
CVE-2024-11036
CVE-2024-11036 concerns the WordPress plugin GamiPress (
CVE-2024-11036 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings
The The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressgetuserearnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...
CVE-2024-11038 WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpbpcffirecontactform AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to...
CVE-2024-11038
The CVE-2024-11038 applies to the WordPress plugin WPB Popup for Contact Form 7 (1.7.5) as the corrective measure. If upgrading is not immediate, sources do not specify a separate workaround; the emphasis is on applying the patch to mitigate the risk. The EU/Red Hat entries corroborate the core v...
CVE-2024-11038 WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form
The The WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpbpcffirecontactform AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to...
CVE-2024-10268
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...
WordPress WPB Popup for Contact Form 7 plugin <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form vulnerability
Unauthenticated Arbitrary Shortcode Execution via wpbpcffirecontactform vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPB Popup for Contact Form 7 versions = 1.7.5...
WordPress GamiPress plugin <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings vulnerability
Unauthenticated Arbitrary Shortcode Execution via gamipressgetuserearnings vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin GamiPress versions = 7.1.5...
WordPress plugin Geoportail Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16147 · Sonaar · Mp3 Audio Player – Music Player
Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sonaar audioplayer shortcode due t...
WordPress plugin Embed documents shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress plugin Semantic Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress plugin Boombox Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-34970 · Unknown · Sazzad Hu Image Carousel Shortcode
Name of the Vulnerable Software and Affected Versions: Sazzad Hu Image Carousel Shortcode versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This means that the...
PT-2024-34954 · Unknown · Boombox Shortcode
Name of the Vulnerable Software and Affected Versions: Boombox Shortcode versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to...
WordPress plugin WPB Popup for Contact Form 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2024-16721 · WordPress · Wpb Popup For Contact Form 7
Name of the Vulnerable Software and Affected Versions: WPB Popup for Contact Form 7 versions 1.7.5 and earlier Description: The issue is related to arbitrary shortcode execution via the wpb pcf fire contact form AJAX action. This is due to the software allowing users to execute an action that doe...