8993 matches found

Positive Technologies · added 2024/04/09 12:0 a.m. · 3 views

PT-2024-15053 · WordPress · Beaver Themer

Name of the Vulnerable Software and Affected Versions: Beaver Themer plugin for WordPress versions up to, and including, 1.4.9
Description: The issue allows authenticated attackers with contributor access and above to extract sensitive data, including arbitrary user meta values, via the 'wpbb'...

CVSS 6.5 · AI score 9 · EPSS 0.00525
Exploits 0 · References 7

Positive Technologies · added 2024/04/09 12:0 a.m. · 3 views

PT-2024-23458 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.29.2
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.9 · EPSS 0.00358
Exploits 0 · References 4

Positive Technologies · added 2024/04/09 12:0 a.m. · 3 views

PT-2024-24754 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the bt ...

CVSS 6.4 · AI score 8 · EPSS 0.00404
Exploits 0 · References 5

Positive Technologies · added 2024/04/09 12:0 a.m. · 5 views

PT-2024-18478 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions up to, and including, 5.3.1.0
Description: The issue is related to blind SQL Injection via the id parameter of the RM Form...

CVSS 8.8 · AI score 9.7 · EPSS 0.00821
Exploits 0 · References 6

Positive Technologies · added 2024/04/09 12:0 a.m. · 8 views

PT-2024-18400 · WordPress · Easy Property Listings

Name of the Vulnerable Software and Affected Versions: Easy Property Listings plugin for WordPress versions up to, and including, 3.5.2
Description: The issue is related to time-based SQL Injection via the property status shortcode attribute. This is due to insufficient escaping on the...

CVSS 8.8 · AI score 9.7 · EPSS 0.00773
Exploits 0 · References 7

CNNVD · added 2024/04/09 12:0 a.m. · 3 views

WordPress Plugin Beaver Themer Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 8.1 · EPSS 0.00525
Exploits 0 · References 3

Positive Technologies · added 2024/04/09 12:0 a.m. · 5 views

PT-2024-15147 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2.
Description: The issue is related to Missing Authorization, which allows authenticated attackers wi...

CVSS 4.3 · AI score 9.2 · EPSS 0.00554
Exploits 0 · References 7

Positive Technologies · added 2024/04/09 12:0 a.m. · 4 views

PT-2024-20372 · WordPress · Lightweight Accordion

Name of the Vulnerable Software and Affected Versions: Lightweight Accordion plugin for WordPress versions up to, and including, 1.5.16
Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user...

CVSS 6.4 · AI score 7.9 · EPSS 0.00429
Exploits 0 · References 6

Positive Technologies · added 2024/04/09 12:0 a.m. · 6 views

PT-2024-20450 · WordPress · Ecwid Ecommerce Shopping Cart

Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.12.10
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...

CVSS 6.4 · AI score 8 · EPSS 0.00353
Exploits 0 · References 4

Positive Technologies · added 2024/04/09 12:0 a.m. · 3 views

PT-2024-18034 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.5.1
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in...

CVSS 6.4 · AI score 8 · EPSS 0.00427
Exploits 0 · References 6

Positive Technologies · added 2024/04/09 12:0 a.m. · 5 views

PT-2024-15170 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2
Description: The issue allows authenticated attackers with contributor level access or higher to...

CVSS 8.8 · AI score 10 · EPSS 0.01291
Exploits 0 · References 8

Positive Technologies · added 2024/04/09 12:0 a.m. · 10 views

PT-2024-15882 · WordPress · Watu Quiz

Name of the Vulnerable Software and Affected Versions: Watu Quiz plugin for WordPress versions up to, and including, 3.4.1
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 8 · EPSS 0.0048
Exploits 0 · References 5

Positive Technologies · added 2024/04/09 12:0 a.m. · 5 views

PT-2024-22441 · WordPress · The Betterdocs

Name of the Vulnerable Software and Affected Versions: The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg versions up to, and including, 3.4.2
Description: The issue arises from insufficient input sanitization and output...

CVSS 6.4 · AI score 9.3 · EPSS 0.00353
Exploits 0 · References 3

Positive Technologies · added 2024/04/09 12:0 a.m. · 4 views

PT-2024-18638 · WordPress · Passster

Name of the Vulnerable Software and Affected Versions: Passster plugin for WordPress versions up to, and including, 4.2.6.4
Description: The issue is related to Stored Cross-Site Scripting via the plugin's content protector shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 7.9 · EPSS 0.00501
Exploits 0 · References 5

Patchstack · added 2024/04/08 5:29 a.m. · 4 views

WordPress RSS Aggregator by Feedzy plugin <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message vulnerability discovered by Colin Xu in WordPress Plugin Feedzy versions <= 4.3.3...

CVSS 6.4 · AI score 5.8 · EPSS 0.00352
Exploits 0 · References 1 · Affected Software 1

Patchstack · added 2024/04/08 5:18 a.m. · 4 views

WordPress Powerkit plugin <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Powerkit versions <= 2.9.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00315
Exploits 0 · References 1 · Affected Software 1

Patchstack · added 2024/04/08 5:13 a.m. · 3 views

WordPress Bold Page Builder plugin <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Bold Page Builder versions <= 4.8.8...

CVSS 6.4 · AI score 5.5 · EPSS 0.00404
Exploits 0 · References 1 · Affected Software 1

Patchstack · added 2024/04/08 4:54 a.m. · 3 views

WordPress EmbedPress plugin <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin EmbedPress versions <= 3.9.14...

CVSS 6.4 · AI score 5.8 · EPSS 0.00509
Exploits 0 · References 1 · Affected Software 1

WPVulnDB · added 2024/04/08 12:0 a.m. · 14 views

ElementsKit Elementor addons < 3.0.6 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

CVSS 6.4 · AI score 5.9 · EPSS 0.00469
Exploits 0 · References 1 · Affected Software 1

WPVulnDB · added 2024/04/06 12:0 a.m. · 19 views

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message

Description: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.9 · EPSS 0.00352
Exploits 0 · References 1 · Affected Software 1