8996 matches found
CVE-2024-5867
The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5869
CVE-2024-5869 refers to the Neighborly WordPress theme (
CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5869 Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-5867
CVE-2024-5867 describes a Stored Cross-Site Scripting in the Delicate theme for WordPress via the link parameter of the Button shortcode, affecting all versions up to and including 3.5.5. The issue requires Contributor-level access or higher to exploit and can cause script execution on page load....
CVE-2024-8747 Email Obfuscate Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8747
CVE-2024-8747 affects the Email Obfuscate Shortcode WordPress plugin (versions
CVE-2024-5789 Triton Lite <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
WordPress Neighborly theme <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Neighborly versions = 1.4...
WordPress Tweaker5 theme <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Tweaker5 versions = 1.2...
WordPress Delicate theme <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Delicate versions = 3.5.5...
WordPress Triton Lite theme <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Triton Lite versions = 1.3...
WordPress Email Obfuscate Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Email Obfuscate Shortcode versions = 2.0...
CVE-2024-5628
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress Avada | Website Builder For WordPress & eCommerce plugin <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via fusionbutton Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Fusion Builder versions = 3.11.9...
PT-2024-37209 · WordPress · Tweaker5
Name of the Vulnerable Software and Affected Versions: Tweaker5 theme for WordPress versions up to, and including, 1.2 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
PT-2024-37155 · WordPress · Triton Lite
Name of the Vulnerable Software and Affected Versions: Triton Lite theme for WordPress versions up to, and including, 1.3 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the theme's Button shortcode due to insufficient input sanitization and output...
PT-2024-37206 · WordPress · Delicate Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Delicate theme for WordPress versions up to, and including, 3.5.5 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and output...
PT-2024-39222 · WordPress · Email Obfuscate Shortcode
Name of the Vulnerable Software and Affected Versions: Email Obfuscate Shortcode plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode due to insufficient input sanitization and output...
PT-2024-36778 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & eCommerce plugin for WordPress versions up to, and including, 3.11.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's fusion button shortcode due to insufficient input...