
8994 matches found

OSV
added 2024/05/31 10:15 a.m. · 3 views

CVE-2024-4160

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 6 · EPSS 0.00342
Exploits: 0 · References: 6
Cvelist
added 2024/05/31 9:31 a.m. · 32 views

CVE-2024-4160 Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.9 · EPSS 0.00342
Exploits: 0 · References: 6
ATTACKERKB
added 2024/05/31 7:15 a.m. · 1 view

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

CVSS 6.4 · AI score 6.1 · EPSS 0.00321
Exploits: 0 · References: 5
OSV
added 2024/05/31 7:15 a.m. · 7 views

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

CVSS 5.4 · AI score 6 · EPSS 0.00321
Exploits: 0 · References: 4
Patchstack
added 2024/05/31 2:38 a.m. · 3 views

WordPress WPCafe plugin <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Reservation Form Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WPCafe versions <= 2.2.24...

CVSS 6.4 · AI score 5.8 · EPSS 0.00321
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/05/31 12:0 a.m. · 13 views

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: paypalbutton type="addtocart...

AI score 5.6 · EPSS 0.00315
Exploits: 2
WPVulnDB
added 2024/05/31 12:0 a.m. · 18 views

DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: Add the following shortcode ...

AI score 5.6 · EPSS 0.00315
Exploits: 2
wpexploit
added 2024/05/31 12:0 a.m. · 152 views

DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add the following shortcode to a...

AI score 5.8 · EPSS 0.00315
Exploits: 2
Cvelist
added 2024/05/30 8:30 a.m. · 35 views

CVE-2024-2089 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 5.4 · AI score 5.4 · EPSS 0.00267
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/30 8:30 a.m. · 13 views

CVE-2024-2089 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 5.4 · AI score 5.9 · EPSS 0.00267
Exploits: 0 · References: 2
Patchstack
added 2024/05/30 12:4 a.m. · 5 views

WordPress Simple Like Page Plugin plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Simple Like Page versions <= 1.5.2...

CVSS 6.4 · AI score 5.5 · EPSS 0.00276
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/05/30 12:0 a.m. · 5 views

PT-2024-30600 · WordPress · List Categories

Name of the Vulnerable Software and Affected Versions: List categories plugin for WordPress versions up to, and including, 0.4
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'categories' shortcode. This allows...

CVSS 6.4 · AI score 6.5 · EPSS 0.00337
Exploits: 0 · References: 5
CNNVD
added 2024/05/30 12:0 a.m. · 5 views

WordPress plugin Remote Content Shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Remote Content...

CVSS 5.4 · AI score 5.8 · EPSS 0.00267
Exploits: 0 · References: 3
Positive Technologies
added 2024/05/30 12:0 a.m. · 5 views

PT-2024-27424 · WordPress · Login Logout Register Menu

Name of the Vulnerable Software and Affected Versions: Login Logout Register Menu plugin for WordPress versions up to, and including, 2.0
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'llrmloginlogout' shortcode...

CVSS 6.4 · AI score 6.9 · EPSS 0.00267
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/30 12:0 a.m. · 7 views

PT-2024-18802 · WordPress · Remote Content Shortcode

Name of the Vulnerable Software and Affected Versions: Remote Content Shortcode plugin for WordPress versions up to, and including, 1.5
Description: The issue is related to Stored Cross-Site Scripting via the 'remote content' shortcode due to insufficient input sanitization and output escaping on...

CVSS 5.4 · AI score 5.6 · EPSS 0.00267
Exploits: 0 · References: 4
Patchstack
added 2024/05/29 11:59 p.m. · 3 views

WordPress Remote Content Shortcode plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Remote Content Shortcode versions <= 1.5...

CVSS 5.4 · AI score 5.8 · EPSS 0.00267
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/05/29 11:55 p.m. · 3 views

WordPress List categories plugin <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin List categories versions <= 0.4...

CVSS 6.4 · AI score 5.8 · EPSS 0.00337
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/05/29 1:15 p.m. · 3 views

CVE-2024-5039

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS 6.4 · AI score 6 · EPSS 0.00334
Exploits: 0 · References: 3
Vulnrichment
added 2024/05/29 12:43 p.m. · 12 views

CVE-2024-5039 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS 6.4 · AI score 5.8 · EPSS 0.00334
Exploits: 0 · References: 3
Patchstack
added 2024/05/29 3:26 a.m. · 4 views

WordPress HUSKY plugin <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Richard Telleng stueotue in WordPress Plugin HUSKY versions <= 1.3.5.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00334
Exploits: 0 · References: 1 · Affected Software: 1