Lucene search
K

2101 matches found

OSV
OSV
added 2024/10/30 3:15 a.m.4 views

CVE-2024-9846

The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS6.1AI score0.00542EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/30 2:4 a.m.14 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS0.00542EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/30 2:4 a.m.15 views

CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution

The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS7.6AI score0.00542EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/30 12:0 a.m.4 views

WordPress plugin The Enable Shortcodes inside Widgets,Comments and Experts 码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an applicatio...

7.3CVSS7.8AI score0.00542EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2024-39884 · WordPress · Enable Shortcodes Inside Widgets

Name of the Vulnerable Software and Affected Versions: The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress version 1.0.0 and earlier Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a val...

7.3CVSS8.2AI score0.00542EPSS
Exploits0References7
OSV
OSV
added 2024/10/29 2:15 p.m.3 views

CVE-2024-10226

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00313EPSS
Exploits0References3
NVD
NVD
added 2024/10/29 2:15 p.m.12 views

CVE-2024-10226

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00313EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/29 1:53 p.m.21 views

CVE-2024-10226 Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00313EPSS
Exploits0References3
CVE
CVE
added 2024/10/29 1:53 p.m.57 views

CVE-2024-10226

CVE-2024-10226 : Arconix Shortcodes for WordPress is vulnerable to Stored XSS via the box shortcode in versions ≤ 2.1.13 due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at contributor level or higher; injected scripts execu...

6.4CVSS5.4AI score0.00313EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/29 1:53 p.m.8 views

CVE-2024-10226 Arconix Shortcodes <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.9AI score0.00313EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/29 5:14 a.m.5 views

WordPress Arconix Shortcodes plugin <= 2.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.13...

6.4CVSS5.8AI score0.00313EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.2 views

WordPress plugin Arconix Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00313EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/29 12:0 a.m.15 views

WordPress Enable Shortcodes inside Widgets,Comments and Experts Plugin <= 1.0.0 is vulnerable to Arbitrary Code Execution

Software Enable Shortcodes inside Widgets,Comments and Experts Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9846 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 5e00f716955b Credits...

7.3CVSS7AI score0.00542EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/10/29 12:0 a.m.15 views

WordPress Arconix Shortcodes Plugin <= 2.1.13 is vulnerable to Cross Site Scripting (XSS)

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.13 Fixed in 2.1.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10226 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c6233411bd7c Credits Peter Thaleikis...

6.4CVSS5.7AI score0.00313EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.3 views

PT-2024-16099 · WordPress · Streamweasels Kick Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Kick Integration plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode due to insufficient input sanitization and outp...

6.4CVSS6.2AI score0.00366EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.6 views

PT-2024-16125 · WordPress · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.13 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input...

6.4CVSS6.1AI score0.00313EPSS
Exploits0References16
OSV
OSV
added 2024/10/26 10:15 a.m.4 views

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

7.3CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2024/10/26 10:15 a.m.24 views

CVE-2024-9772

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

7.3CVSS0.01411EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/26 9:35 a.m.24 views

CVE-2024-9772 Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

7.3CVSS0.01411EPSS
Exploits0References3
CVE
CVE
added 2024/10/26 9:35 a.m.62 views

CVE-2024-9772

CVE-2024-9772 concerns WordPress, specifically the UIX Shortcodes plugin (versions up to 1.9.9; some sources also cite 1.9.7). The vulnerability allows unauthenticated attackers to perform arbitrary shortcode execution by exploiting improper validation when running do_shortcode, via an action exp...

7.3CVSS7.6AI score0.01411EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder