WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

ShopLentor < 2.8.9 - Contributor+ Stored XSS via woolentorsearch Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...

PT-2024-30604 · Siteorigin · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.29.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'siteorigin widget' shortcode due to insufficient input sanitization and...

PT-2024-31684 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'su members' shortcode due to insufficient input sanitization and output escaping ...

PT-2024-31214 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms slide info' shortcode due to insufficient input...

PT-2024-32408 · WordPress · Ubermenu

Name of the Vulnerable Software and Affected Versions: UberMenu plugin for WordPress versions up to, and including, 3.8.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...

CVE-2024-3812

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

PT-2024-27890 · WordPress · Salient Core

Name of the Vulnerable Software and Affected Versions: Salient Core plugin for WordPress versions up to, and including, 2.0.7 Description: The Salient Core plugin for WordPress is vulnerable to Local File Inclusion via the nectar icon shortcode icon linea attribute. This allows authenticated...

PT-2024-27329 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.10.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'give form' shortcode when used with a legacy form. This is due to...

CVE-2023-45652

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5...

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

WordPress Swift Framework plugin < 2024.0.0 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Swift Framework Page Builder versions 2024.0.0...

CVE-2024-2697

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2024-2697

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

CVE-2024-2697 Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against...

WordPress plugin Remote Content Shortcode 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...

WordPress Plugin Swift Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-4838

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smilemodal' shortcode. This makes it possible for authenticated attackers, with...