WordPress Memberlite Shortcodes plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via memberlite_accordion Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via memberliteaccordion Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Memberlite Shortcodes versions = 1.3.9...

WordPress Memberlite Shortcodes Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Memberlite Shortcodes Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11227 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0e464af54709 Credits Peter Thaleikis...

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

CVE-2024-11365 Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

WordPress plugin Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-16937 · WordPress · The Crypto/Defi Widgets – Web3 Cryptocurrency Shortcodes

Name of the Vulnerable Software and Affected Versions: The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress versions up to, and including, 1.1.6 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated...

PT-2024-16631 · WordPress · Woocommerce Product Table Lite

Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.8.6 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before running do shortcode...

CVE-2024-51881

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Beautimour Be Shortcodes be-shortcodes allows DOM-Based XSS.This issue affects Be Shortcodes: from n/a through = 1.0.0...

CVE-2024-51878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in strailejoey AchillesTheme-shortcodes achilles-shortcodes allows DOM-Based XSS.This issue affects AchillesTheme-shortcodes: from n/a through = 0.1...

CVE-2024-51857

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DannyCooper Olympus Shortcodes olympus-shortcodes allows DOM-Based XSS.This issue affects Olympus Shortcodes: from n/a through = 1.0.4...

CVE-2024-51638

Cross-Site Request Forgery CSRF vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through 1.1.8...

CVE-2024-51638 WordPress Awesome Shortcodes For Genesis plugin 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through 1.1.8...

CVE-2024-51638 WordPress Awesome Shortcodes For Genesis plugin 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis awesome-shortcodes-for-genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through 1.1.8...

CVE-2024-51638

CVE-2024-51638 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin Awesome Shortcodes For Genesis (versions up to 1.1.8). Exploitation is implied to enable stored XSS via CSRF context; CVSSv3.1 base score 7.1 (high). Public references indicate WordPress plugin 1.1.8 is affected; patch s...

CVE-2024-51857 WordPress Olympus Shortcodes plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DannyCooper Olympus Shortcodes olympus-shortcodes allows DOM-Based XSS.This issue affects Olympus Shortcodes: from n/a through = 1.0.4...

CVE-2024-51857

CVE-2024-51857 is a DOM-based XSS vulnerability in the WordPress plugin Olympus Shortcodes (Olympus Shortcodes) that allows an attacker to inject malicious scripts via improper input neutralization during page generation. Affected versions are Olympus Shortcodes up to 1.0.4. Root cause is imprope...

CVE-2024-51857 WordPress Olympus Shortcodes plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DannyCooper Olympus Shortcodes olympus-shortcodes allows DOM-Based XSS.This issue affects Olympus Shortcodes: from n/a through = 1.0.4...

CVE-2024-51878 WordPress AchillesTheme-shortcodes plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in strailejoey AchillesTheme-shortcodes achilles-shortcodes allows DOM-Based XSS.This issue affects AchillesTheme-shortcodes: from n/a through = 0.1...

CVE-2024-51878 WordPress AchillesTheme-shortcodes plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in strailejoey AchillesTheme-shortcodes achilles-shortcodes allows DOM-Based XSS.This issue affects AchillesTheme-shortcodes: from n/a through = 0.1...

CVE-2024-51878

CVE-2024-51878 affects AchillesTheme-shortcodes (WordPress plugin). Public details describe an improper input neutralization during web page generation leading to DOM-based XSS in versions up to 0.1. No patch information is provided in the connected documents; remediation status is not specified....