189 matches found
WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...
CVE-2024-3811
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Plugin Salient Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Themify Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in the WordPress plugi...
CVE-2024-4567
CVE-2024-4567 (Themify Shortcodes) is a stored XSS in the Themify Shortcodes WordPress plugin up to version 2.0.9. The vulnerability stems from insufficient input sanitization and output escaping in the themify_button shortcode attributes, allowing an authenticated attacker with contributor-level...
CVE-2024-4542
CVE-2024-4542 is rejected and not used; please refer to CVE-2024-3548 instead.
WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
CVE-2024-3550
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-1533
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-3550
CVE-2024-3550 affects the WP Shortcodes Plugin — Shortcodes Ultimate for WordPress. The description specifies a Stored XSS via shortcode attributes in all versions up to 7.1.2, exploitable by authenticated users with contributor-level access or higher, allowing arbitrary scripts to execute on pag...
WordPress plugin WP Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-2583
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...
CVE-2024-3512
CVE-2024-3512 is a duplicate of CVE-2024-2583. The underlying issue affects WordPress Shortcodes Plugin Shortcodes Ultimate prior to version 7.0.5, where shortcodes attributes were not properly escaped, enabling Stored XSS by users with the Contributor role. Remediation is to upgrade to version 7...
CVE-2024-2732
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themifypostslider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...
WordPress Plugin WP Shortcodes Plugin - Shortcodes Ultimate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-1808
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-1808
CVE-2024-1808 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate. It describes a Stored Cross-Site Scripting (XSS) in the plugin’s su_qrcode shortcode for all versions up to 7.0.3, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...
CVE-2024-1808 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...