CVE-2023-46632 WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3...

CVE-2023-46632 WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3...

WordPress plugin Arconix Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin My Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1523 · Unknown · My Shortcodes

Name of the Vulnerable Software and Affected Versions: My Shortcodes versions 2.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For My Shortcodes versions 2.3...

PT-2025-3208 · Unknown · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes versions through 2.1.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

WordPress AIO Shortcodes plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin AIO Shortcodes versions = 1.3...

WordPress Arconix Shortcodes plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis Patchstack Alliance in WordPress Plugin Arconix Shortcodes versions = 2.1.14...

WordPress Arconix Shortcodes plugin <= 2.1.15 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.15...

WordPress plugin Shortcodes and extra features for Phlox theme 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVE-2024-11108

The CVE-2024-11108 entry concerns Serious Slider WordPress Plugin (versions prior to 1.2.7). Red Hat and NVD entries confirm the issue: the plugin fails to validate and escape certain shortcode attributes before echoing them in a page/post, allowing Stored XSS by users with the Contributor role o...

PT-2024-16769 · WordPress · Serious Slider

Name of the Vulnerable Software and Affected Versions: Serious Slider WordPress plugin versions prior to 1.2.7 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

PT-2024-17335 · WordPress · Slope Widgets

Name of the Vulnerable Software and Affected Versions: Slope Widgets plugin for WordPress versions up to, and including, 4.2.11 Description: The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode due to insufficient inpu...

CVE-2024-10690 Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure

The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODEELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with...

PT-2024-16466 · WordPress +1 · Shortcodes For Elementor +1

Name of the Vulnerable Software and Affected Versions: Shortcodes for Elementor plugin for WordPress versions up to, and including, 1.0.4 RSTheme affected versions not specified Description: The issue is related to Information Exposure, where insufficient restrictions on which posts can be includ...

WordPress plugin Shortcodes for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-54334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through =...

CVE-2024-54264

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through = 2.2.0...

CVE-2024-54334

CVE-2024-54334 affects the Quran Phrases About Most People Shortcodes WordPress plugin. Connected data confirm a DOM-Based XSS in Quran Phrases About Most People Shortcodes, affecting version range from n/a up to 1.4. Wordfence vulnerability details note the issue is Mitigated by patches in the 1...

CVE-2024-54264 WordPress Shortcodes Blocks Creator Ultimate plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in César Morillas Shortcodes Blocks Creator Ultimate allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through 2.2.0...