WordPress plugin CodePen Embedded Pens Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVE-2024-10117

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfdonate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-10117 WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode

The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfdonate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-9772 Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-9772

CVE-2024-9772 concerns WordPress, specifically the UIX Shortcodes plugin (versions up to 1.9.9; some sources also cite 1.9.7). The vulnerability allows unauthenticated attackers to perform arbitrary shortcode execution by exploiting improper validation when running do_shortcode, via an action exp...

CVE-2024-9967

The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's showmore shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2024-39965 · WordPress · Wp Show More

Name of the Vulnerable Software and Affected Versions: WP show more plugin for WordPress versions up to, and including, 1.0.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's show more shortcode due to insufficient input sanitization and output escaping on...

PT-2024-16039 · WordPress · Wp Crowdfunding

Name of the Vulnerable Software and Affected Versions: WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wpcf donate shortcode. This allows...

CVE-2024-10150

The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10148

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

PT-2024-16034 · WordPress · Simplenews

Name of the Vulnerable Software and Affected Versions: Simple News plugin for WordPress versions up to, and including, 2.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'news' shortcode. This allows authenticated...

PT-2024-16065 · WordPress · Bamazoo – Button Generator

Name of the Vulnerable Software and Affected Versions: Bamazoo – Button Generator plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dgs shortcode. This allows...

PT-2024-16064 · WordPress · Awesome Buttons

Name of the Vulnerable Software and Affected Versions: Awesome buttons plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's btn2 shortcode due to insufficient input sanitization and output escaping on user-suppli...

WordPress Simple News plugin <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via news Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple News versions = 2.8...

CVE-2024-10180

The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions = 1.0.2...