CVE-2024-2871

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2024-2847

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-2783

The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escapin...

CVE-2024-2783

The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escapin...

CVE-2024-2457

The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2436

The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-1424

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-0872

The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta data which ca...

CVE-2023-6965

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode...

CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...

CVE-2023-6993

The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values...

CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...

CVE-2023-6967

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVE-2023-6695

The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...

CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...

CVE-2023-6965 Pods - Custom Content Types and Fields - Missing Authorization

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode...

CVE-2023-6965

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode...

CVE-2023-6967 Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

WordPress Forminator plugin <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via forminatorform Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Forminator versions = 1.29.2...

PT-2024-15053 · WordPress · Beaver Themer

Name of the Vulnerable Software and Affected Versions: Beaver Themer plugin for WordPress versions up to, and including, 1.4.9 Description: The issue allows authenticated attackers with contributor access and above to extract sensitive data, including arbitrary user meta values, via the 'wpbb'...