8997 matches found
WordPress Semantic Shortcode plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Semantic Shortcode versions = 1.0.1...
WordPress Geoportail Shortcode plugin <= 2.4.4 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Geoportail Shortcode versions = 2.4.4...
WordPress Shortcode Collection plugin <= 1.4 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Shortcode Collection versions = 1.4...
WordPress Image Carousel Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Image Carousel Shortcode versions = 1.2...
WordPress Boombox Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Boombox Shortcode versions = 1.0.0...
WordPress Add Ribbon Shortcode plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Add Ribbon Shortcode versions = 1.0.1...
WordPress Moka Get Posts Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Moka Get Posts Shortcode versions = 1.0...
CVE-2024-10187
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycredlink shortcode in all version...
WordPress Postcasa Shortcode Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Postcasa Shortcode Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52352 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 44c29bb28d2e Credits SOPROBRO Required privilege Contributor...
WordPress plugin Simple Shortcode for Google Maps 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin.... A security vulnerability exists ...
WordPress Boombox Shortcode Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Boombox Shortcode Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51827 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d4ad6509bc56 Credits SOPROBRO Required privilege Contributo...
WordPress Geoportail Shortcode Plugin <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)
Software Geoportail Shortcode Type Plugin Vulnerable versions = 2.4.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51890 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a1d7a21babab Credits SOPROBRO Required privilege...
WordPress Add Ribbon Shortcode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Add Ribbon Shortcode Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51823 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6ef3422f82e1 Credits SOPROBRO Required privilege...
WordPress Semantic Shortcode Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Semantic Shortcode Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51898 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3185742b0c99 Credits SOPROBRO Required privilege Contribut...
PT-2024-16443 · WordPress · Content Slider Block
Name of the Vulnerable Software and Affected Versions: Content Slider Block plugin for WordPress versions prior to 3.1.6 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, or draft posts via the csb...
PT-2024-16445 · WordPress · Countdown Timer Block Plugin
Name of the Vulnerable Software and Affected Versions: Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4 Description: The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via...
PT-2024-16102 · WordPress · Mycred
Name of the Vulnerable Software and Affected Versions: myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce versions up to, and including, 2.7.4 Description: The myCred plugin is vulnerable to Stored Cross-Site Scripting via the plugin's mycred link shortcode due to insufficie...
WordPress Moka Get Posts Shortcode Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Moka Get Posts Shortcode Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51804 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6ae6cd5a20b Credits SOPROBRO Required privilege...
PT-2024-39521 · WordPress · The User Meta
Name of the Vulnerable Software and Affected Versions: The User Meta – User Profile Builder and User management plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to Insecure Direct Object Reference, which can be exploited by authenticated attackers with...
WordPress Shortcode Collection Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software Shortcode Collection Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51864 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79b02ce6496 Credits SOPROBRO Required privilege Contribut...