CVE-2023-0489
The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0368
The Responsive Tabs For WPBakery Page Builder formerly Visual Composer WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to...
CVE-2023-0489 SlideOnline <= 1.2.1 - Contributor+ Stored XSS
The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2899 Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
PT-2023-22067 · WordPress · Google Map Shortcode
Name of the Vulnerable Software and Affected Versions: Google Map Shortcode WordPress plugin versions 3.1.2 and earlier. Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as...
WordPress Plugin Google Map Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Google Map Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Google Map Shortcode <= 3.1.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Sermon'e – Sermons Online <= 1.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Google Map Shortcode; Type: Plugin; Vulnerable versions: <= 3.1.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35772; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2577a60ecf63; Credits: Nguyen Xuan...
WordPress WP Matterport Shortcode Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: WP Matterport Shortcode; Type: Plugin; Vulnerable versions: <= 2.1.4; Fixed in: 2.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-35094; Patch priority: Low; CVSS severity: Low (6.5); PSID: 896701a47def; Credits: yuyudhn; Require...
MasterStudy LMS < 3.0.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0431
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
Cross site scripting
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2023-0431
CVE-2023-0431 affects the File Away WordPress plugin (versions up to 3.9.9.0.1). The vulnerability is a Stored XSS due to insufficient validation/escaping of a shortcode attribute, enabling a contributor-level user to inject script. Public data show the vulnerability as existing and, per Wordfenc...
CVE-2023-23818
CVE-2023-23818 is a Stored XSS vulnerability in the WordPress plugin WP Register Profile With Shortcode (Aviplugins.Com) for versions
PT-2023-16265 · WordPress · File Away
Name of the Vulnerable Software and Affected Versions: File Away WordPress plugin versions 3.9.9.0.1 and earlier. Description: The issue concerns a lack of validation and escaping of one of its shortcode attributes. This could allow users with a role as low as contributor to perform a Stored...
WordPress Plugin WP Register Profile With Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
ND Shortcodes < 7.0 - Subscriber+ LFI
The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated user, such as a subscriber, to perform LFI attacks. PoC: Run the below command in the developer console of the web browser while being on the blog as a...