8992 matches found

OSV
added 2024/02/23 11:15 a.m. · 2 views

CVE-2024-1362

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh function. This makes it possible for unauthenticated attackers to execute arbitra...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00212
Exploits: 0 | References: 2

Vulnrichment
added 2024/02/23 11:3 a.m. · 13 views

CVE-2024-1362 Colibri Page Builder <= 1.0.253 - Cross-Site Request Forgery via cp_shortcode_refresh

The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh function. This makes it possible for unauthenticated attackers to execute arbitra...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00212
Exploits: 0 | References: 2

CNNVD
added 2024/02/23 12:0 a.m. · 4 views

WordPress Plugin Colibri Page Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00212
Exploits: 0 | References: 3

Positive Technologies
added 2024/02/23 12:0 a.m. · 4 views

PT-2024-18326 · WordPress · The Archivist – Custom Archive Templates

Name of the Vulnerable Software and Affected Versions: The Archivist – Custom Archive Templates plugin for WordPress versions up to, and including, 1.7.5 Description: The issue is related to Reflected Cross-Site Scripting via the shortcode attributes parameter due to insufficient input sanitizati...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00378
Exploits: 0 | References: 7

Patchstack
added 2024/02/23 12:0 a.m. · 13 views

WordPress Tabs Shortcode and Widget Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS)

Software Tabs Shortcode and Widget Type Plugin Vulnerable versions = 1.17 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0719 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b7bc2e300121 Credits Dmitrii Ignatyev...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00431
Exploits: 2 | References: 3 | Affected Software: 1

WPVulnDB
added 2024/02/21 12:0 a.m. · 24 views

Sassy Social Share < 3.3.57 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00474
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/02/21 12:0 a.m. · 5 views

PT-2024-15778 · WordPress · Tabs Shortcode/Widget

Name of the Vulnerable Software and Affected Versions: The Tabs Shortcode and Widget WordPress plugin versions 1.17 and earlier Description: The issue concerns the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and abo...

CVSS: 5.4 | AI score: 8.4 | EPSS: 0.00431
Exploits: 2 | References: 6

Cvelist
added 2024/02/20 6:56 p.m. · 24 views

CVE-2024-1570 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00483
Exploits: 0 | References: 3

OSV
added 2024/02/20 3:15 a.m. · 3 views

CVE-2024-1510

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sutooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplie...

CVSS: 5.4 | AI score: 6
Exploits: 0 | References: 3

WPVulnDB
added 2024/02/20 12:0 a.m. · 10 views

Shortcodes Ultimate < 7.0.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its sutooltip shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00473
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-18018 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.14.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode due to insufficient input sanitization and output escapi...

CVSS: 6.4 | AI score: 8 | EPSS: 0.00598
Exploits: 0 | References: 8

Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-18140 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.14.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's login-password shortcode due to insufficient input sanitization and output escaping on...

CVSS: 6.4 | AI score: 8 | EPSS: 0.00483
Exploits: 0 | References: 7

WPVulnDB
added 2024/02/20 12:0 a.m. · 12 views

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC otwshortcodetabslayout...

AI score: 7.6 | EPSS: 0.00431
Exploits: 2 | References: 1

WPVulnDB
added 2024/02/20 12:0 a.m. · 12 views

Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC otwshortcodebutton...

AI score: 5.7 | EPSS: 0.00413
Exploits: 2

wpexploit
added 2024/02/20 12:0 a.m. · 176 views

Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. otwshortcodebutton...

AI score: 5.9 | EPSS: 0.00413
Exploits: 2

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-18051 · WordPress · Page Scroll To Id

Name of the Vulnerable Software and Affected Versions: Page scroll to id plugin for WordPress versions up to, and including, 1.7.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin'...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00439
Exploits: 0 | References: 7

Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-16355 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin for WordPress versions up to, and including, 7.1.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wcj product barcode' shortcode due to insufficient input sanitization and...

CVSS: 6.4 | AI score: 8 | EPSS: 0.00343
Exploits: 0 | References: 6

wpexploit
added 2024/02/19 12:0 a.m. · 175 views

Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover

Description The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. 1. ADMIN: Install Formidable Pro plugin 2. ADMIN: Install Formidable...

AI score: 6.8 | EPSS: 0.00554
Exploits: 2

Positive Technologies
added 2024/02/19 12:0 a.m. · 6 views

PT-2024-18102 · WordPress · Wp Shortcodes Plugin

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su tooltip shortcode due to insufficient input sanitization...

CVSS: 6.4 | AI score: 8.2 | EPSS: 0.00473
Exploits: 0 | References: 7

WPVulnDB
added 2024/02/16 12:0 a.m. · 12 views

Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure

Description The plugin does not prevent users with at least the contributor role from leaking other users' sensitive metadata. PoC As a contributor, - Add shortcode to any post and specify/guess any user ID and meta key and save - Preview the post and see custom field value outputs from any user...

AI score: 6.4 | EPSS: 0.00548
Exploits: 2 | Affected Software: 1