CVE-2023-5741

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-5741

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Frontend File Manager < 22.7 - Editor+ Arbitrary File Download

Description The plugin has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as wp-config.php 1 Create new post with this shortcode - ffmwp 2 Go to new post and upload any file 3 After that go to main page of plugin for users...

Advanced iFrame < 2023.9 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-32295 · WordPress · Powr Plugin

Name of the Vulnerable Software and Affected Versions: POWR plugin for WordPress versions up to, and including, 2.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode due to insufficient input sanitization and output escaping on...

CVE-2023-28495

Cross-Site Request Forgery CSRF vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin = 1.4.16 versions...

CVE-2023-28495

CVE-2023-28495 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin WP Shortcode by MyThemeShop, version

CVE-2023-28495 WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin = 1.4.16 versions...

WordPress Plugin WP Shortcode by MyThemeShop Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-32579

Cross-Site Request Forgery CSRF vulnerability in Designs & Code Forget About Shortcode Buttons plugin = 2.1.2 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Designs & Code Forget About Shortcode Buttons plugin = 2.1.2 versions...

CVE-2023-32579 WordPress Forget About Shortcode Buttons plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability

A vulnerability in Code Amp Forget About Shortcode Buttons forget-about-shortcode-buttons.This issue affects Forget About Shortcode Buttons: from n/a through = 2.1.2...

CVE-2023-32579 WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control

Cross-Site Request Forgery CSRF vulnerability in Designs & Code Forget About Shortcode Buttons plugin = 2.1.2 versions...

CVE-2023-32579

CVE-2023-32579 affects the WordPress plugin Forget About Shortcode Buttons (designs & code) versions

WordPress Plugin Forget About Shortcode Buttons Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-5709

The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-5669

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5661

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-5577

The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-4842

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'socialwarfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...