2101 matches found
CVE-2024-9846
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin The Enable Shortcodes inside Widgets,Comments and Experts 码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an applicatio...
PT-2024-39884 · WordPress · Enable Shortcodes Inside Widgets
Name of the Vulnerable Software and Affected Versions: The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress version 1.0.0 and earlier Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a val...
CVE-2024-10226
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10226
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10226 Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10226
CVE-2024-10226 : Arconix Shortcodes for WordPress is vulnerable to Stored XSS via the box shortcode in versions ≤ 2.1.13 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at contributor level or higher; injected scripts execu...
CVE-2024-10226 Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Arconix Shortcodes plugin <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.13...
WordPress plugin Arconix Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Enable Shortcodes inside Widgets,Comments and Experts Plugin <= 1.0.0 is vulnerable to Arbitrary Code Execution
Software Enable Shortcodes inside Widgets,Comments and Experts Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9846 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 5e00f716955b Credits...
WordPress Arconix Shortcodes Plugin <= 2.1.13 is vulnerable to Cross Site Scripting (XSS)
Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.13 Fixed in 2.1.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10226 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c6233411bd7c Credits Peter Thaleikis...
PT-2024-16099 · WordPress · Streamweasels Kick Integration
Name of the Vulnerable Software and Affected Versions: StreamWeasels Kick Integration plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode due to insufficient input sanitization and outp...
PT-2024-16125 · WordPress · Arconix Shortcodes
Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.13 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input...
CVE-2024-9772
The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...
CVE-2024-9772
The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...
CVE-2024-9772 Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution
The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...
CVE-2024-9772
CVE-2024-9772 concerns WordPress, specifically the UIX Shortcodes plugin (versions up to 1.9.9; some sources also cite 1.9.7). The vulnerability allows unauthenticated attackers to perform arbitrary shortcode execution by exploiting improper validation when running do_shortcode, via an action exp...