8997 matches found

Patchstack
added 2024/10/30 8:56 p.m. · 3 views

WordPress WP Simple Anchors Links plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpanchor Shortcode vulnerability discovered by theviper17y in WordPress Plugin WP Simple Anchors Links versions <= 1.0.0...

CVSS 6.4 · AI score 5.8 · EPSS 0.00345
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/10/30 7:15 a.m. · 2 views

CVE-2024-8444

The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross-site scripting...

CVSS 5.4 · AI score 4.5 · EPSS 0.00304
Exploits 1 · References 1
CVE
added 2024/10/30 6:43 a.m. · 37 views

CVE-2024-10223

CVE-2024-10223 affects the WP Team – WordPress Team Member Plugin up to version 1.1.4. The vulnerability is a Stored Cross-Site Scripting (XSS) via the htteamember shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. It requires authenticated access at...

CVSS 6.4 · AI score 5.7 · EPSS 0.00326
Exploits 0 · References 3
Cvelist
added 2024/10/30 6:43 a.m. · 28 views

CVE-2024-10108 WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode

The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

CVSS 7.2 · EPSS 0.00382
Exploits 0 · References 3
CVE
added 2024/10/30 6:00 a.m. · 48 views

CVE-2024-8444

CVE-2024-8444 concerns the WordPress Download Manager plugin prior to version 3.3.00. The vulnerability arises because certain shortcode parameters aren’t properly sanitized, enabling a cross-site scripting (XSS) issue. Affected product: Download Manager WordPress plugin (versions

CVSS 5.4 · AI score 5.2 · EPSS 0.00304
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/10/30 3:15 a.m. · 4 views

CVE-2024-9846

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · AI score 6.1 · EPSS 0.00542
Exploits 0 · References 3
NVD
added 2024/10/30 3:15 a.m. · 15 views

CVE-2024-9846

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00542
Exploits 0 · References 3
OSV
added 2024/10/30 3:15 a.m. · 3 views

CVE-2024-8627

The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
Cvelist
added 2024/10/30 2:04 a.m. · 12 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00542
Exploits 0 · References 3
CVE
added 2024/10/30 2:04 a.m. · 57 views

CVE-2024-9846

CVE-2024-9846: Enable Shortcodes inside Widgets,Comments and Experts (WordPress) Affected: WordPress plugin Enable Shortcodes inside Widgets,Comments and Experts (

CVSS 7.3 · AI score 7.4 · EPSS 0.00542
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/10/30 12:00 a.m. · 3 views

PT-2024-39912 · WordPress · Wp Baidu Map

Name of the Vulnerable Software and Affected Versions: WP Baidu Map plugin for WordPress versions up to, and including, 1.2.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the baidu map shortcode. This allows authenticated...

CVSS 6.4 · AI score 6.9 · EPSS 0.00346
Exploits 0 · References 5
Positive Technologies
added 2024/10/30 12:00 a.m. · 2 views

PT-2024-39639 · WordPress · Wp Simple Anchors Links

Name of the Vulnerable Software and Affected Versions: WP Simple Anchors Links plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpanchor shortcode due to insufficient input sanitization and output escaping ...

CVSS 6.4 · AI score 6.2 · EPSS 0.00345
Exploits 0 · References 7
Positive Technologies
added 2024/10/30 12:00 a.m. · 2 views

PT-2024-16124 · WordPress · Wp Team – Wordpress Team Member Plugin

Name of the Vulnerable Software and Affected Versions: WP Team – WordPress Team Member Plugin versions up to, and including, 1.1.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's htteamember shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00326
Exploits 0 · References 9
Positive Technologies
added 2024/10/30 12:00 a.m. · 6 views

PT-2024-39017 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.3.00 Description: The issue is related to the Download Manager WordPress plugin, where some shortcode parameters are not properly sanitized, leading to cross-site scripting. Recommendation...

CVSS 5.4 · AI score 6.7 · EPSS 0.00304
Exploits 1 · References 4
CNNVD
added 2024/10/30 12:00 a.m. · 2 views

WordPress plugin Widget or Sidebar Shortcode Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVSS 6.4 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 3
Positive Technologies
added 2024/10/30 12:00 a.m. · 4 views

PT-2024-39911 · WordPress · Widget/Sidebar Shortcode

Name of the Vulnerable Software and Affected Versions: Widget or Sidebar Shortcode plugin for WordPress versions up to and including 0.6.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'sidebar' shortcode, allowi...

CVSS 6.4 · AI score 7.2 · EPSS 0.00346
Exploits 0 · References 5
Patchstack
added 2024/10/29 8:40 p.m. · 2 views

WordPress HT Team Member plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via htteamember Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via htteamember Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin HT Team Member versions <= 1.1.4...

CVSS 6.4 · AI score 5.8 · EPSS 0.00326
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/10/29 8:39 p.m. · 3 views

WordPress WPAdverts plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode vulnerability

Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPAdverts versions <= 2.1.6...

CVSS 7.2 · AI score 5.8 · EPSS 0.00382
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/10/29 8:28 p.m. · 9 views

WordPress Widget or Sidebar Shortcode plugin <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin Widget or Sidebar Shortcode versions <= 0.6.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/10/29 8:19 p.m. · 3 views

WordPress T(-) Countdown plugin <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by theviper17y in WordPress Plugin T- Countdown versions <= 2.4.8...

CVSS 6.4 · AI score 5.8 · EPSS 0.00337
Exploits 0 · References 1 · Affected Software 1