PT-2024-23784 · Unknown · Shortcode Addons
Name of the Vulnerable Software and Affected Versions: Shortcode Addons versions 3.2.5 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons. Recommendations: For versions 3.2.5 and earlier, update to a...
PT-2024-22922 · WordPress · Favorites
Name of the Vulnerable Software and Affected Versions: The Favorites plugin for WordPress versions up to, and including, 2.3.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'user favorites' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16330 · WordPress · List Category Posts Plugin
Name of the Vulnerable Software and Affected Versions: List category posts plugin for WordPress versions up to, and including, 0.89.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-22153 · WordPress · Editorskit
Name of the Vulnerable Software and Affected Versions: Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress versions up to, and including, 1.40.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode due to insufficient input...
WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Shortcode Addons versions <= 3.2.5...
WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions <= 3.0.10...
WordPress Button plugin <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode vulnerability
Authenticated Contributor+ PHP Object Injection in button_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Button versions <= 1.1.27...
WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) Remote Code Execution via Shortcode vulnerability
Authenticated Contributor+ Remote Code Execution via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions <= 3.0.10...
Pods < 3.1 - Contributor+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server...
WordPress File Upload < 4.24.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Shortcode Addons Plugin <= 3.2.5 is vulnerable to Arbitrary File Upload
Software Shortcode Addons Type Plugin Vulnerable versions <= 3.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31114 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 25bf030daa64 Credits Peng Zhou Required privilege Administrator...
Pods < 3.1 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection via shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append...
PT-2024-18380 · WordPress · The Button
Name of the Vulnerable Software and Affected Versions: The Button plugin for WordPress versions up to, and including, 1.1.28 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the button shortcode function. This allows authenticated attackers with...
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 5.3.2.0 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RMForm shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user...
CVE-2024-1564
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...
CVE-2024-1564
The CVE-2024-1564 entry concerns the wp-schema-pro WordPress plugin. Affected versions prior to 2.7.16 do not validate post access, enabling a Contributor-level user to read custom fields on any post (regardless of post type or status) by using a shortcode. The underlying issue is a missing autho...
CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...
NPS computy < 2.7.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup 1. Go to "Settings > NPS Monitoring" 2...