8992 matches found
PT-2024-20689 · WordPress · Squelch Tabs/Accordions Shortcodes
Name of the Vulnerable Software and Affected Versions: Squelch Tabs and Accordions Shortcodes plugin for WordPress versions up to, and including, 0.4.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode due to insufficient input sanitization a...
WordPress Beaver Themer plugin <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode vulnerability
Authenticated Contributor+ Sensitive Information Exposure via shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Themer versions <= 1.4.9...
WordPress TaxoPress plugin <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Plugin TaxoPress versions <= 3.12.0...
WordPress Modal Popup Box plugin <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode vulnerability
Authenticated Contributor+ PHP Object Injection in awl_modal_popup_box_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Modal Popup Box versions <= 1.5.2...
PT-2024-22385 · WordPress · Wordpress Tag/Category Manager – Ai Autotagger
Name of the Vulnerable Software and Affected Versions: The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress versions up to, and including, 3.13.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin...
WordPress Plugin Modal Popup Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...
Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload
Description The Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, wi...
Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
Description The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including...
CVE-2024-2839
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This...
PT-2024-22409 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.263 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, such as heading type, in the plugin's 'colibr...
WordPress Favorites plugin <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Favorites versions <= 2.3.3...
WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Ecwid Shopping Cart versions <= 6.12.10...
WordPress WordPress File Upload plugin <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WordPress File Upload versions <= 4.24.5...
Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more < 4.5.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 4.5.24 due to insufficient input sanitization and...
MailChimp Forms by MailMunch < 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-31114 WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. This issue affects Shortcode Addons: from n/a through 3.2.5...
CVE-2024-31114
CVE-2024-31114 concerns the WordPress plugin group “Shortcode Addons” (Shortcode Addons: from n/a through 3.2.5). The connected exploit document confirms concrete technical details: an authenticated attacker with administrator-level access can abuse a missing file-type validation to perform an ar...
WordPress Plugin Shortcode Addons code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...