PT-2024-35371 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ultimate dual color shortcode due to insufficient input sanitizatio...
PT-2024-35353 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ultimate info table shortcode due to insufficient input sanitizatio...
PT-2024-35359 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ult team shortcode due to insufficient input sanitization and outpu...
CVE-2024-2691
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on use...
WordPress WP Event Manager plugin <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Event Manager versions <= 3.1.43...
PT-2024-21575 · WordPress · Wp Event Manager
Name of the Vulnerable Software and Affected Versions: The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress versions up to, and including, 3.1.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'events' shortco...
CVE-2024-3919
The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-3710
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
PT-2024-27298 · WordPress · Image Photo Gallery Final Tiles Grid
Name of the Vulnerable Software and Affected Versions: Image Photo Gallery Final Tiles Grid WordPress plugin versions prior to 3.6.0 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege use...
PT-2024-28383 · WordPress · Openpgp Form Encryption
Name of the Vulnerable Software and Affected Versions: OpenPGP Form Encryption for WordPress plugin version 1.5.0 and earlier Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform...
CVE-2024-2430
The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-6256
The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-5444
The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-36330 · WordPress · Bible Text Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Bible Text WordPress plugin versions 0.2 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perfo...
WordPress plugin Bible Text security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WPCS versions <= 1.2.0.3...
WordPress Animated Typed JS Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Animated Typed JS Shortcode versions <= 2.0...
WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Jean Tirstan T Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions <= 1.0.0...