OSV · added 2023/09/30 3:15 a.m.

CVE-2023-5201

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the php shortcode setting to be...

CVSS 8.8 · AI score 7.5 · EPSS 0.01429
Exploits 0 · References 3
Prion · added 2023/09/30 3:15 a.m.

Remote code execution

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the php shortcode setting to be...

CVSS 6.5 · AI score 8.8 · EPSS 0.01429
Exploits 0 · References 3 · Affected Software 1
Vulnrichment · added 2023/09/30 2:33 a.m.

CVE-2023-5201 OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the php shortcode setting to be...

CVSS 9.9 · AI score 7.4 · EPSS 0.01429
Exploits 0 · References 3
Cvelist · added 2023/09/30 2:33 a.m.

CVE-2023-5201 OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the php shortcode setting to be...

CVSS 9.9 · AI score 9.8 · EPSS 0.01429
Exploits 0 · References 3
Positive Technologies · added 2023/09/29 12:00 a.m.

PT-2023-31908 · WordPress · Openhook

Name of the Vulnerable Software and Affected Versions: OpenHook plugin for WordPress versions up to, and including, 4.3.0
Description: The issue allows authenticated attackers with subscriber-level permissions or above to execute code on the server via the php shortcode. This requires the php...

CVSS 9.9 · AI score 8.7 · EPSS 0.01429
Exploits 0 · References 9
OSV · added 2023/09/28 5:15 a.m.

CVE-2023-5233

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS 5.4 · AI score 6 · EPSS 0.00359
Exploits 0 · References 2
OSV · added 2023/09/28 5:15 a.m.

CVE-2023-5230

The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tmwoowishlisttable' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 7 · EPSS 0.00333
Exploits 0 · References 2
OSV · added 2023/09/28 5:15 a.m.

CVE-2023-5232

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4 · AI score 7 · EPSS 0.00362
Exploits 0 · References 2
WPVulnDB · added 2023/09/28 12:00 a.m.

Font Awesome Integration <= 5.0 - Contributor+ Stored Cross-Site Scripting

Description: The plugin does not sufficiently sanitize and escape user-supplied attributes in the 'fawesome' shortcode, which can lead to the injection of arbitrary web scripts on pages accessed by users...

CVSS 6.4 · AI score 6.7 · EPSS 0.00359
Exploits 0 · References 1
OSV · added 2023/09/27 3:19 p.m.

CVE-2023-5135

The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 5.4 · AI score 6 · EPSS 0.00636
Exploits 1 · References 5
Positive Technologies · added 2023/09/27 12:00 a.m.

PT-2023-31959 · WordPress · Tm Woocommerce Compare & Wishlist

Name of the Vulnerable Software and Affected Versions: TM WooCommerce Compare & Wishlist plugin for WordPress versions up to, and including, 1.1.7
Description: The issue is related to Stored Cross-Site Scripting via the 'tm woo wishlist table' shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 5.5 · EPSS 0.00333
Exploits 0 · References 8
wpexploit · added 2023/09/27 12:00 a.m.

Collapse-O-Matic <= 1.8.5.5 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a Contributor user, create a new post and add a shortcode containing the following payload: expand elwraptag="img...

CVSS 6.5 · AI score 5.3 · EPSS 0.00328
Exploits 1 · References 1
Positive Technologies · added 2023/09/27 12:00 a.m.

PT-2023-31961 · WordPress · Font Awesome More Icons

Name of the Vulnerable Software and Affected Versions: Font Awesome More Icons plugin for WordPress versions up to, and including, 3.5
Description: The issue is related to Stored Cross-Site Scripting via the icon shortcode due to insufficient input sanitization and output escaping on user-supplie...

CVSS 6.4 · AI score 5.5 · EPSS 0.00362
Exploits 0 · References 9
WPVulnDB · added 2023/09/25 12:00 a.m.

Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admin. PoC...

CVSS 5.4 · AI score 5.4 · EPSS 0.00403
Exploits 2 · Affected Software 1
wpexploit · added 2023/09/25 12:00 a.m.

User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS

Description: The plugin does not properly sanitize and escape certain of its shortcode attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. As a Contributor+, create a new post and add one of the following shortcodes: avatar user="admin"...

CVSS 5.4 · AI score 5.4 · EPSS 0.00394
Exploits 2 · References 1
wpexploit · added 2023/09/25 12:00 a.m.

Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Add a post with the shortcode:...

CVSS 5.4 · AI score 5.4 · EPSS 0.00394
Exploits 2
wpexploit · added 2023/09/25 12:00 a.m.

Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure

Description: The plugin exposes the full path of a file when a non-existent file is supplied in a parameter of the shortcode. 1. Create a page. 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page; SACharacter.zip should be a non-existent...

CVSS 5.3 · AI score 5.4 · EPSS 0.00545
Exploits 2
wpexploit · added 2023/09/25 12:00 a.m.

WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, put the...

CVSS 5.4 · AI score 5.4 · EPSS 0.00403
Exploits 2 · References 1
wpexploit · added 2023/09/25 12:00 a.m.

WP Matterport Shortcode < 2.1.7 - Reflected XSS

Description: The plugin does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high-privilege users such as admin. Make a logged-in admin open https://example.com/wp-admin/admin.php/"/?page=wpms-opti...

CVSS 6.1 · AI score 6.1 · EPSS 0.0042
Exploits 2
Vulnrichment · added 2023/09/23 7:34 a.m.

CVE-2023-5134 Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode

The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erformsusermeta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.5 · EPSS 0.00441
Exploits 0 · References 2