8991 matches found
CVE-2023-45643
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643
CVE-2023-45643 : Cross-Site Request Forgery (CSRF) in the WordPress plugin “CPT Shortcode Generator” (≤1.0). Connected sources consistently describe CSRF as the vulnerability, with the exploit requiring no privileges but user interaction in some tiers, and unauthenticated access reported by some ...
WordPress Plugin CPT Shortcode Generator Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Vrm 360 3D Model Viewer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress plugin WP Matterport Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Testimonial Slider Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
PT-2023-9953 · WordPress · Halulu Simple-Download-Button-Shortcode Plugin
Name of the Vulnerable Software and Affected Versions: Halulu simple-download-button-shortcode Plugin version 1.0 Description: A vulnerability has been found in the Halulu simple-download-button-shortcode Plugin on WordPress. The issue affects an unknown function of the file simple-download-butto...
WordPress plugin WP Matterport Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-28628 · WordPress · Wp Matterport Shortcode
Name of the Vulnerable Software and Affected Versions: WP Matterport Shortcode WordPress plugin versions prior to 2.1.8 Description: The issue is related to the WP Matterport Shortcode WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them bac...
PT-2023-30035 · WordPress · Simple Posts Ticker
Name of the Vulnerable Software and Affected Versions: The Simple Posts Ticker WordPress plugin versions prior to 1.1.6 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
CVE-2023-4995
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WP < 6.3.2 - Subscriber+ Arbitrary Shortcode Execution
Description WordPress does not restrict which shortcode can be excuted via the parsemediashortcode AJAX action, allowing any authenticated user, such as subscriber to execute arbitrary shortcodes...
WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution
The newest WordPress patch includes fixes for 8 Medium-Severity security issues, several of which are trivial to exploit. WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While...
WordPress 6.3.2 Security Release – What You Need to Know
WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While all of the vulnerabilities are of Medium severity, several of them are impactful enough to potentially allow site takeove...
CVE-2023-5470
The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software CPT Shortcode Generator Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45644 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8bfa1d036efa Credits Lokesh Dachepalli...