8994 matches found

Patchstack
added 2024/05/29 12:0 a.m. | 15 views

WordPress Remote Content Shortcode Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software: Remote Content Shortcode | Type: Plugin | Vulnerable versions: <= 1.5 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2089 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 2ad325574597 | Credits: Francesco Carlucci...

CVSS 5.4 | AI score 5.8 | EPSS 0.00267
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/05/24 11:45 a.m. | 6 views

WordPress Jitsi Shortcode plugin <= 0.1 - Authenticated Stored XSS via Shortcode vulnerability

Authenticated Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Jitsi Shortcode versions <= 0.1...

CVSS 5.4 | AI score 6 | EPSS 0.00357
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2024/05/24 11:45 a.m. | 8 views

WordPress Jitsi Shortcode plugin <= 0.1 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin Jitsi Shortcode versions <= 0.1...

CVSS 5.1 | AI score 5.7 | EPSS 0.00294
Exploits 2 | References 1 | Affected Software 1

OSV
added 2024/05/24 9:15 a.m. | 6 views

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 7.3 | AI score 6.1 | EPSS 0.00478
Exploits 0 | References 4

NVD
added 2024/05/24 9:15 a.m. | 34 views

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 7.3 | AI score 7.1 | EPSS 0.00478
Exploits 0 | References 4

Vulnrichment
added 2024/05/24 8:30 a.m. | 18 views

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 6.5 | AI score 7.6 | EPSS 0.00478
Exploits 0 | References 4

Cvelist
added 2024/05/24 8:30 a.m. | 32 views

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This make...

CVSS 6.5 | AI score 7.1 | EPSS 0.00478
Exploits 0 | References 4

Patchstack
added 2024/05/24 7:56 a.m. | 4 views

WordPress WP Photo Album Plus plugin <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP Photo Album Plus versions <= 8.7.00.003...

CVSS 7.3 | AI score 7.1 | EPSS 0.00478
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2024/05/24 3:15 a.m. | 1 view

CVE-2024-5205

The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojsvideo shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | AI score 6.1 | EPSS 0.00342
Exploits 0 | References 5

WPVulnDB
added 2024/05/24 12:0 a.m. | 16 views

WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: As a contributor, add a...

AI score 5.6 | EPSS 0.00357
Exploits 2

wpexploit
added 2024/05/24 12:0 a.m. | 165 views

WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to:...

AI score 5.6 | EPSS 0.00294
Exploits 2

wpexploit
added 2024/05/24 12:0 a.m. | 136 views

WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a shortcod...

AI score 5.8 | EPSS 0.00357
Exploits 2

Patchstack
added 2024/05/24 12:0 a.m. | 12 views

WordPress Jitsi Shortcode Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Jitsi Shortcode | Type: Plugin | Vulnerable versions: <= 0.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-3977 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: f3124fb161a6 | Credits: Bob Matyas | Required privileg...

CVSS 5.1 | AI score 5.7 | EPSS 0.00294
Exploits 2 | References 3 | Affected Software 1

Patchstack
added 2024/05/24 12:0 a.m. | 14 views

WordPress Jitsi Shortcode Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Jitsi Shortcode | Type: Plugin | Vulnerable versions: <= 0.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-3978 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 4ddc2b03e91f | Credits: Bob Matyas | Required privileg...

CVSS 5.4 | AI score 5.7 | EPSS 0.00357
Exploits 2 | References 3 | Affected Software 1

Positive Technologies
added 2024/05/24 12:0 a.m. | 5 views

PT-2024-26550 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions up to, and including, 9.0.36. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's wpgmza shortcode. This allows authenticat...

CVSS 6.4 | AI score 6.9 | EPSS 0.00325
Exploits 0 | References 7

Patchstack
added 2024/05/23 9:42 a.m. | 5 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP DSGVO Tools (GDPR) versions <= 3.1.32...

CVSS 6.4 | AI score 5.8 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/05/23 9:37 a.m. | 3 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 1.9.1...

CVSS 5.4 | AI score 7.1 | EPSS 0.00326
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/05/23 9:26 a.m. | 3 views

WordPress PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode versions <= 1.7...

CVSS 4.4 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/05/23 1:56 a.m. | 13 views

CVE-2024-3201 WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pplink' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 6.4 | AI score 5.8 | EPSS 0.00267
Exploits 0 | References 2

CVE
added 2024/05/23 1:56 a.m. | 57 views

CVE-2024-3065

CVE-2024-3065 concerns the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress. The description states it is vulnerable to Stored Cross-Site Scripting in all versions up to and including 1.7 due to insufficient input sanitization and output escaping. The vulnerabilit...

CVSS 4.4 | AI score 5.9 | EPSS 0.00271
Exploits 0 | References 2