WordPress plugin Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-12167

The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-12166

The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVE-2024-12167 Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce

The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2024-12166

CVE-2024-12166 refers to a vulnerability in the WordPress plugin Shortcodes Blocks Creator Ultimate (versions up to 2.2.0). The issue is a reflected cross-site scripting (XSS) via the page parameter caused by insufficient input sanitization and output escaping. This allows an unauthenticated atta...

WordPress plugin Shortcodes Blocks Creator Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress plugin Shortcodes Blocks Creator Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

PT-2024-17467 · WordPress · Shortcodes Blocks Creator Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Blocks Creator Ultimate plugin for WordPress versions up to, and including, 2.2.0 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...

CVE-2024-54209

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through = 1.7.2...

WordPress Shortcodes Blocks Creator Ultimate plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Shortcodes Blocks Creator Ultimate versions = 2.2.0...

CVE-2024-54209 WordPress Awesome Shortcodes plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through = 1.7.2...

CVE-2024-54209

CVE-2024-54209 (WordPress Awesome Shortcodes) is a Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Awesome Shortcodes versions up to 1.7.2. The issue arises from improper neutralization of input during web page generation, enabling reflected XSS. Public records constrain the impac...

CVE-2024-54209 WordPress Awesome Shortcodes plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through = 1.7.2...

PT-2024-16456 · WordPress · Armember

Name of the Vulnerable Software and Affected Versions: ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress versions up to, and including, 4.0.51 Description: The issue is related to arbitrary shortcode execution due to the software...

WordPress plugin Awesome Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-16635 · WordPress · Pojo Forms

Name of the Vulnerable Software and Affected Versions: Pojo Forms plugin for WordPress versions 1.4.7 and earlier Description: The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form preview shortcode AJAX action. This is due to the software allowing users ...

PT-2024-16660 · WordPress · Authors List

Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to, and including, 2.0.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action that does not properl...

WordPress plugin BP Profile Shortcodes Extra SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

PT-2024-17220 · WordPress · Bp Profile Shortcodes Extra

Name of the Vulnerable Software and Affected Versions: BP Profile Shortcodes Extra plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to time-based SQL Injection via the tab parameter due to insufficient escaping on the user-supplied parameter and lack of...

WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter vulnerability

Authenticated Contributor+ SQL Injection via tab Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin BP Profile Shortcodes Extra versions = 2.6.0...