8994 matches found
WordPress plugin WP Ultimate Post Grid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-31746 · WordPress · Layerslider
Name of the Vulnerable Software and Affected Versions: LayerSlider plugin for WordPress version 7.11.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ls search form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...
PT-2024-24355 · WordPress · Wp Dsgvo Tools
Name of the Vulnerable Software and Affected Versions: WP DSGVO Tools GDPR plugin for WordPress versions up to, and including, 3.1.32 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'pp link' shortcode due to insufficient input sanitization and output escaping on...
WP Photo Album Plus < 8.7.00.004 - Unauthenticated Arbitrary Shortcode Execution
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcod...
WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...
CVE-2024-4261
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-4261 Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-4261
CVE-2024-4261 affects the Responsive Contact Form Builder & Lead Generation Plugin for WordPress, enabling authenticated users with subscriber+ privileges to execute arbitrary shortcodes via improper validation in do_shortcode. The Red Hat entry corroborates the issue and the Wordfence summary no...
CVE-2024-4362
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteoriginwidget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-3671 Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes it possible for...
WordPress SiteOrigin Widgets Bundle plugin <= 1.60.0 - - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability
WordPress SiteOrigin Widgets Bundle plugin = 1.60.0 - - Authenticated Contributor+ Stored Cross-Site Scripting via 'siteoriginwidget' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.60.0...
WordPress WP Font Awesome Share Icons plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin WP Font Awesome Share Icons versions = 1.1.1...
CVE-2024-3518
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...
PT-2024-32840 · WordPress · Jquery T(-) Countdown Widget
Name of the Vulnerable Software and Affected Versions: jQuery T- Countdown Widget plugin for WordPress versions up to, and including, 2.3.25 Description: The issue is related to Stored Cross-Site Scripting via the plugin's tminus shortcode due to insufficient input sanitization and output escapin...
WP DSGVO Tools (GDPR) < 3.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pplink' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-4553
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...
CVE-2024-3345
The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3345
CVE-2024-3345 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg (formerly WooLentor). The WordPress ShopLentor plugin is vulnerable to Stored Cross-Site Scripting via the woolentorsearch shortcode due to insufficient input sanitization and output escaping on user-supplied attribu...
WordPress Page Builder by SiteOrigin plugin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'siteoriginwidget' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Page Builder by SiteOrigin versions = 2.29.15...
WordPress ShopLentor plugin <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin ShopLentor versions = 2.8.8...