PT-2023-16466 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: The Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0 Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages. This is...

PT-2023-16467 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0 Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages using the fna...

PT-2023-16465 · WordPress · Metform Elementor Contact Form Builder

Name of the Vulnerable Software and Affected Versions: Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0 Description: The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages using the mf...

Metform Elementor Contact Form Builder < 3.3.1 - Multiple Contributor+ Stored XSS via Shortcode

The plugin does not properly sanitize and escape user input when processed by many of its shortcodes, which could enable users with contributor privileges to conduct Stored Cross-Site Scripting attacks on the site. Affected shortcodes include mf, mffirstname, mflastname, and mfthankyou...

PT-2023-11851 · WordPress · Kingcomposer

Name of the Vulnerable Software and Affected Versions: The Page Builder: KingComposer plugin for WordPress versions prior to 2.9.4 Description: The issue is related to Stored Cross-Site Scripting via shortcode due to insufficient input sanitization and output escaping. This allows authenticated...

CVE-2023-0152

The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4946

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

CVE-2022-4946

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

Code injection

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

CVE-2022-4946 Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

CVE-2022-4946

CVE-2022-4946 affects the Frontend Post WordPress Plugin (versions

CVE-2022-4946 Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain...

WordPress Plugin Frontend Post 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An input validation error...

PT-2023-16041 · WordPress · Wp Multi Store Locator

Name of the Vulnerable Software and Affected Versions: WP Multi Store Locator WordPress plugin versions prior to 2.5 Description: The issue concerns the WP Multi Store Locator WordPress plugin, which does not properly validate and escape certain shortcode attributes. This could allow users with t...

PT-2023-15932 · WordPress · Frontend Post Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Frontend Post WordPress Plugin versions through 2.8.4 Description: The issue concerns a lack of validation for an attribute in one of the plugin's shortcodes. This could allow users with a role as low as contributor to add a malicious shortco...

CVE-2023-3051

The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azhpost' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web...

PT-2023-22740 · Azexo · The Page Builder By Azexo

Name of the Vulnerable Software and Affected Versions: The Page Builder by AZEXO plugin for WordPress versions up to, and including, 1.27.133 Description: The issue is related to Stored Cross-Site Scripting via the azh post shortcode due to insufficient input sanitization and output escaping. Thi...

CVE-2023-2304

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-2304

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-2304 Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userfavorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...