8992 matches found
CVE-2023-5567
The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-4888
The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5507
The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5743
The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-5658
The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
PT-2023-32189 · Bitly · Bitly'S Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Bitly's plugin for WordPress versions up to, and including, 2.7.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode due to insufficient input sanitization and output escaping on user-supplie...
PT-2023-30839 · WordPress · Social Warfare
Name of the Vulnerable Software and Affected Versions: The Social Sharing Plugin - Social Warfare plugin for WordPress versions up to, and including, 4.4.3 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'social warfare'...
PT-2023-32141 · WordPress · Imagemapper
Name of the Vulnerable Software and Affected Versions: ImageMapper plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'imagemap' shortcode, allowing authenticated...
PT-2023-32243 · WordPress · Wp Mapit
Name of the Vulnerable Software and Affected Versions: WP MapIt plugin for WordPress versions up to, and including, 2.7.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'wp mapit' shortcode. This allows authenticated...
PT-2023-32182 · WordPress · Qr Code Tag
Name of the Vulnerable Software and Affected Versions: QR Code Tag plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'qrcodetag' shortcode, allowing authenticated...
CVE-2022-47432
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8...
CVE-2022-47432
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8...
CVE-2022-47432
CVE-2022-47432 is a SQL Injection in the WordPress plugin Shortcode IMDB (versions up to 6.0.8). Root cause, per description, is improper neutralization of elements in SQL commands. Affected software: Shortcode IMDB
CVE-2022-47432 WordPress Shortcode IMDB Plugin <= 6.0.8 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8...
Mmm Simple File List <= 2.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...
Bookly < 22.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an admin user, visit the...
Bookly < 22.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an admin user, visit the Bookly...
CVE-2023-5707
The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Plugin SEO Slider Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin SEO Slider 1.1.0 and...