CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode

The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode

The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

CVE-2023-0366 Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4786 Video.js - HTML5 Video Player for WordPress <= 4.5.0 - Contributor+ Stored XSS via Shortcode

The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4764 Simple File Downloader <= 1.0.4 - Contributor+ Stored XSS via Shortcode

The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...

CVE-2022-4752 Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode

The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4752 Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode

The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4784 Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode

The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4622 Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode

The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4785 Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode

The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4761 Post Views Count <= 3.0.2 - Contributor+ Stored XSS in Shortcode

The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4777 Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0067 Timed Content < 2.73 - Contributor+ Stored XSS

The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4669 Page Builder: Live Composer < 1.5.23 - Contributor+ Stored XSS via Shortcode

The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

WordPress Plugin WP Dark Mode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Youzify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

Smart Logo Showcase Lite <= 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC smlsgutenblock heading='XSS'...

PT-2023-16304 · WordPress · Product Slider For Woocommerce

Name of the Vulnerable Software and Affected Versions: GS Products Slider for WooCommerce WordPress plugin versions prior to 1.5.9 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...

PT-2023-15380 · WordPress · Wp Responsive Testimonials Slider/Widget

Name of the Vulnerable Software and Affected Versions: WP Responsive Testimonials Slider And Widget WordPress plugin versions 1.5 and earlier Description: The issue concerns the WP Responsive Testimonials Slider And Widget WordPress plugin, which does not properly validate and escape some of its...

WordPress Plugin Markup 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...