8992 matches found

OSV
added 2024/02/05 10:15 p.m. · 6 views

CVE-2023-6884

This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with...

CVSS 5.4 · AI score 6 · EPSS 0.00614
Exploits: 1 · References: 4

OSV
added 2024/02/05 10:15 p.m. · 2 views

CVE-2023-6526

The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This make...

CVSS 5.4 · AI score 5.9 · EPSS 0.00416
Exploits: 0 · References: 2

CNNVD
added 2024/02/05 12:0 a.m. · 4 views

WordPress plugin WP Recipe Maker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4 · AI score 6.1 · EPSS 0.00523
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/05 12:0 a.m. · 3 views

PT-2024-15415 · WordPress · Wp Recipe Maker

Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wprm-recipe-text-share shortcode. This allows...

CVSS 6.4 · AI score 6.4 · EPSS 0.00523
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/05 12:0 a.m. · 3 views

PT-2024-15119 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress plugin versions up to, and including, 3.1 Description: The plugin is vulnerable to Stored Cross-Site Scripting via its shortcode due to insufficient input sanitization and output escaping on the place id attribute. This allows...

CVSS 6.4 · AI score 5.7 · EPSS 0.00614
Exploits: 1 · References: 8

Positive Technologies
added 2024/02/05 12:0 a.m. · 6 views

PT-2024-15157 · WordPress · Display Custom Fields In The Frontend – Post/User Profile Fields

Name of the Vulnerable Software and Affected Versions: Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with contributor-level access and above to retrieve potential...

CVSS 4.3 · AI score 5.4 · EPSS 0.00472
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-15516 · WordPress · Wp Recipe Maker

Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to the unrestricted use of the header tag attribute. This allows...

CVSS 6.4 · AI score 5.7 · EPSS 0.00561
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-15168 · WordPress · Display Custom Fields In The Frontend – Post/User Profile Fields

Name of the Vulnerable Software and Affected Versions: Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress versions up to, and including, 1.2.1 Description: The issue arises from insufficient input validation and restriction on access to the vg display data...

CVSS 8.8 · AI score 9.2 · EPSS 0.01072
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-15156 · WordPress · Display Custom Fields In The Frontend – Post/User Profile Fields

Name of the Vulnerable Software and Affected Versions: Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcode and postmeta due to...

CVSS 6.4 · AI score 5.6 · EPSS 0.00416
Exploits: 0 · References: 6

CNNVD
added 2024/02/05 12:0 a.m. · 6 views

WordPress plugin WP Recipe Maker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 · AI score 6.8 · EPSS 0.0081
Exploits: 0 · References: 3

OSV
added 2024/02/02 12:15 p.m. · 3 views

CVE-2024-0963

The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CPCALCULATEDFIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it...

CVSS 5.4 · AI score 7.4 · EPSS 0.0048
Exploits: 0 · References: 3

Positive Technologies
added 2024/02/02 12:0 a.m. · 4 views

PT-2024-15943 · WordPress · Calculated Fields Form

Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 1.2.52 Description: The issue is related to Stored Cross-Site Scripting via the plugin's CP CALCULATED FIELDS shortcode due to insufficient input sanitization and outp...

CVSS 6.4 · AI score 5.7 · EPSS 0.0048
Exploits: 0 · References: 8

OSV
added 2024/02/01 4:15 a.m. · 3 views

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 7.4 · EPSS 0.00315
Exploits: 0 · References: 2

WPVulnDB
added 2024/02/01 12:0 a.m. · 8 views

Fancy Comments WordPress < 1.2.15 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...

AI score 6.1
Exploits: 0 · Affected Software: 1

WPVulnDB
added 2024/02/01 12:0 a.m. · 12 views

Advanced iFrame < 2024.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its advancediframe shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 4.9 · AI score 6.1 · EPSS 0.00315
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/01/31 3:15 a.m. · 4 views

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4 · AI score 6 · EPSS 0.00332
Exploits: 0 · References: 2

ATTACKERKB
added 2024/01/31 3:15 a.m. · 2 views

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 · AI score 6.3 · EPSS 0.00332
Exploits: 0 · References: 3

wpexploit
added 2024/01/31 12:0 a.m. · 142 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks - Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps - Add New Map and search any location you want. - Add XSS...

CVSS 4.9 · AI score 5.8 · EPSS 0.00491
Exploits: 2 · References: 2

WPVulnDB
added 2024/01/30 12:0 a.m. · 17 views

UserPro < 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 6.4 · AI score 5.9 · EPSS 0.00332
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/01/29 3:15 p.m. · 2 views

CVE-2023-6530

The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 7.3 · EPSS 0.00406
Exploits: 2 · References: 2