PT-2024-23740 · Unknown +1 · Adsense Ads +1

Name of the Vulnerable Software and Affected Versions: Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows for Remote Code Execution via the insert php shortcode due to the lack of restrictions on its...

PT-2024-20342 · WordPress · Website Content In Page/Post

Name of the Vulnerable Software and Affected Versions: Website Content in Page or Post WordPress plugin versions prior to 2024.04.09 Description: The issue concerns the Website Content in Page or Post WordPress plugin, which does not properly validate and escape certain shortcode attributes befor...

PT-2024-27891 · WordPress · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer plugin for WordPress versions up to, and including, 4.8 Description: The issue allows authenticated attackers with contributor-level and above permissions to include and execute arbitrary files on the server via the 'td block...

WordPress Collapse-O-Matic plugin <= 1.8.5.8 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Jack Taylor in WordPress Plugin Collapse-O-Matic versions = 1.8.5.8...

WordPress Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin <= 1.3.13 - Authenticated Arbitrary File Inclusion via Shortcode vulnerability

Authenticated Arbitrary File Inclusion via Shortcode vulnerability discovered by Foxyyy in WordPress Plugin Video Gallery versions = 1.3.13...

WordPress Shariff Wrapper plugin <= 4.6.13 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Shariff versions = 4.6.13...

WordPress Restaurant Menu and Food Ordering plugin <= 2.4.0 - Authenticated Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Stored Cross-Site Scripting via Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin Restaurant Menu – Food Ordering System – Table Reservation versions = 2.4.0...

CVE-2024-3978

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

CVE-2024-3978

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

CVE-2024-3977

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3977

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3978 WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

CVE-2024-3978 WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3978

The CVE CVE-2024-3978 concerns the WordPress Jitsi Shortcode plugin (&lt;= version 0.1). It does not validate or escape certain shortcode attributes, allowing stored XSS when the shortcode is embedded in a page/post by users with Contributor+ privileges. The vulnerability impact is described as S...

PT-2024-28666 · WordPress · Wordpress Jitsi Shortcode

Name of the Vulnerable Software and Affected Versions: WordPress Jitsi Shortcode WordPress plugin versions 0.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, fo...

WordPress plugin WordPress Jitsi Shortcode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin WordPress Jitsi Shortcode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

Restaurant Menu and Food Ordering < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...

PT-2024-35406 · WordPress · Download Manager Pro

Name of the Vulnerable Software and Affected Versions: Download Manager Pro plugin for WordPress versions up to, and including, 3.2.92 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in certain shortcodes, including wpdm user...