CVE-2024-10050 Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

WordPress Contact Form 7 - Repeatable Fields plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode vulnerability

WordPress Contact Form 7 - Repeatable Fields plugin = 2.0.1 - Authenticated Contributor+ Stored Cross-Site Scripting via fieldgroup Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form 7 - Repeatable Fields versions = 2.0.1...

WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scembedplayer Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions = 1.9.13...

PT-2024-15998 · Elementor · Elementor Header & Footer Builder

Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.43 Description: The issue allows authenticated attackers with Contributor-level access and above to view the contents of Draft, Private, and...

CVE-2024-10189

The Anchor Episodes Index Spotify for Podcasters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchorepisodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This...

PT-2024-16103 · WordPress · The Anchor Episodes Index

Name of the Vulnerable Software and Affected Versions: The Anchor Episodes Index Spotify for Podcasters plugin for WordPress versions up to, and including, 2.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's anchor episodes shortcode due to insufficient input...

CVE-2024-49613

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through = 1.0...

CVE-2024-49613

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0...

CVE-2024-49613

CVE-2024-49613 describes an SQL Injection in the WordPress plugin Simple Code Insert Shortcode (vulnerable:

WordPress plugin Simple Code Insert Shortcode SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2024-9897

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-39923 · WordPress · Streamweasels Twitch Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Twitch Integration plugin for WordPress versions up to, and including, 1.8.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode due to insufficient input sanitization and...

WordPress StreamWeasels Twitch Integration plugin <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels Twitch Integration versions = 1.8.6...

WordPress Simple Code Insert Shortcode plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Simple Code Insert Shortcode versions = 1.0...

WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpsaiosnapchat Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Click to Chat – WP Support All-in-One Floating Widget versions = 2.3.3...

CVE-2024-10055

The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-9703

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10014

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

WordPress Arconix Shortcodes plugin <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.12...

PT-2024-39770 · WordPress · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.12 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input...