PT-2024-15093 · WordPress · Custom Fields Shortcode Plugin

Name of the Vulnerable Software and Affected Versions: Custom fields shortcode plugin for WordPress version 0.1 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied custom post meta values, allowing authenticated attackers with...

WP Go Maps (formerly WP Google Maps) < 9.0.33 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

WordPress Plugin Custom fields shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin WP Go Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18148 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions up to, and including, 9.0.32 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'wpgmza' shortcode, allowing authenticate...

PT-2024-18643 · Wpforms +2 · Wpforms +2

Name of the Vulnerable Software and Affected Versions: The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplie...

PT-2024-18445 · WordPress · The Logo Showcase Ultimate

Name of the Vulnerable Software and Affected Versions: The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress versions up to, and including, 1.3.8 Description: The issue allows authenticated attackers with contributor access and above to inject a PHP Object via...

CVE-2024-2031

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoomrecordingsbymeeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-15946 · WordPress · Shariff Wrapper

Name of the Vulnerable Software and Affected Versions: Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode due to insufficient input sanitization and output escaping on...

PT-2024-17731 · WordPress · The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Name of the Vulnerable Software and Affected Versions: The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress versions up to, and including, 6.5.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

CVE-2024-1290

CVE-2024-1290 affects the WordPress Formidable Registration plugin (

CVE-2024-1987

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Cross site scripting

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

OneClick Chat to Order < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Metform Elementor Contact Form Builder < 3.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-1534

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Plugin Restaurant Reservations Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

Pz-LinkCard < 2.5.3 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in the "Class ID to be Added for PC" setting of the plugin...

Database for Contact Form 7, WPforms, Elementor forms < 1.3.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Description The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-0698

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...