CVE-2024-10342

The CVE-2024-10342 entry concerns the League of Legends Shortcodes WordPress plugin (versions

CVE-2024-10342 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2024-10341 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode

The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2024-10341

CVE-2024-10341 relates to the WordPress plugin League of Legends Shortcodes. The vulnerability is an SQL Injection in the plugin’s shortcode for versions up to and including 1.0.1, caused by insufficient escaping of the user-supplied parameter and inadequate preparation of the SQL query. Exploita...

CVE-2024-10341 League of Legends Shortcodes <= 1.0.1 - Authenticated (Contributor+) SQL Injection via Shortcode

The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

WordPress Uix Shortcodes Plugin <= 1.9.9 is vulnerable to Arbitrary Code Execution

Software Uix Shortcodes Type Plugin Vulnerable versions = 1.9.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9772 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID a42f828d9a99 Credits Francesco Carlucci Required privilege...

PT-2024-16203 · WordPress · Beek Widget Extention

Name of the Vulnerable Software and Affected Versions: Beek Widget Extention plugin for WordPress versions up to, and including, 0.9.5 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied...

WordPress plugin League of Legends Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPres...

WordPress plugin League of Legends Shortcodes SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A SQL injection vulnerability exists in the WordPress plugi...

WordPress League of Legends Shortcodes plugin <= 1.0.1 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by István Márton in WordPress Plugin League of Legends Shortcodes versions = 1.0.1...

WordPress League of Legends Shortcodes plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin League of Legends Shortcodes versions = 1.0.1...

WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software League of Legends Shortcodes Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10342 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a6f27a15f3e2 Credits István Márto...

WordPress League of Legends Shortcodes Plugin <= 1.0.1 is vulnerable to SQL Injection

Software League of Legends Shortcodes Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-10341 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID e710f3b6d815 Credits István Márton Required privilege...

CVE-2024-8500

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-8500

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress WP Shortcodes Plugin — Shortcodes Ultimate plugin <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Shortcodes Ultimate versions = 7.2.2...

WordPress Shortcodes Ultimate Plugin <= 7.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 7.2.2 Fixed in 7.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8500 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7fd442dd2a35 Credits Webbernaut Required...

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2024-9703

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-9703

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...