CVE-2023-7030
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...
CVE-2024-3734 FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...
CVE-2024-1897 Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode
The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awlggsettings meta value. This makes it possible for authenticated attackers, with...
CVE-2024-3957 Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...
CVE-2024-3957
Booster for WooCommerce (CVE-2024-3957) allows unauthenticated arbitrary shortcode execution in versions up to 7.1.8. Wordfence notes the issue as a patched vulnerability, with CVSS v3.1 base score 7.3 (HIGH) and no user interaction required. Connected documents confirm the affected software and ...
CVE-2024-1896 Photo Gallery <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Shortcode
The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.2 via deserialization via shortcode of untrusted input from the 'awllgsettings'...
CVE-2024-1896
CVE-2024-1896 affects the WordPress plugin Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery. It allows PHP Object Injection via deserialization of untrusted input in the shortcode attribute awl_lg_settings_ for versions up to 1.4.1. An auth...
WordPress Follow Us Badges plugin <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin Follow Us Badges versions <= 3.1.10...
WordPress WP Recipe Maker plugin <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode vulnerability discovered by stealthcopter in WordPress Plugin WP Recipe Maker versions <= 9.3.1...
PT-2024-28758 · WordPress · Wordpress Header Builder Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Header Builder Plugin – Pearl plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stm hb' shortcode due to insufficient input sanitization and...
PT-2024-27485 · Woocommerce · Fox – Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin versions up to, and including, 1.4.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depe...
PT-2024-27133 · WordPress · Leaflet Maps Marker
Name of the Vulnerable Software and Affected Versions: Leaflet Maps Marker plugin for WordPress versions up to, and including, 3.12.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes, such as...
PT-2024-15183 · WordPress · Collapse-O-Matic
Name of the Vulnerable Software and Affected Versions: Collapse-O-Matic plugin for WordPress versions up to, and including, 1.8.5.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'expand' shortcode due to insufficient input sanitization and output escaping on th...
PT-2024-28534 · Woocommerce · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin versions up to, and including, 7.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depend on what other plugins are...
PT-2024-25232 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode due to insufficient input sanitization an...
PT-2024-24873 · WordPress · Follow Us Badges
Name of the Vulnerable Software and Affected Versions: Follow Us Badges plugin for WordPress versions up to, and including, 3.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode due to insufficient input sanitization and output...
PT-2024-28469 · Unknown · The Post Grid – Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with subscriber access or higher to modify the plugin's settings a...
WordPress plugin Grid Gallery security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...