Lucene search

2096 matches found

Positive Technologies
added 2024/10/03 12:0 a.m. · 3 views

PT-2024-39515 · WordPress · Memberful

Name of the Vulnerable Software and Affected Versions: Memberful – Membership Plugin versions up to, and including, 1.73.7 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...

CVSS 6.4 · AI score 6 · EPSS 0.00295
Exploits 0 · References 11
Vulnrichment
added 2024/09/27 6:53 a.m. · 8 views

CVE-2024-8991 OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.9 · EPSS 0.00378
Exploits 0 · References 7
Patchstack
added 2024/09/27 1:28 a.m. · 2 views

WordPress OSM plugin <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes vulnerability discovered by Peter Thaleikis in WordPress Plugin OSM versions <= 6.1.0...

CVSS 6.4 · AI score 5.8 · EPSS 0.00378
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/27 12:0 a.m. · 2 views

PT-2024-39356 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes due to insufficient input sanitization and outpu...

CVSS 6.4 · AI score 6.2 · EPSS 0.00378
Exploits 0 · References 13
OSV
added 2024/09/26 2:15 p.m. · 1 view

CVE-2024-9177

The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedycol, themedysociallink, themedyalertbox, and themedypullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedybutton...

CVSS 5.4 · AI score 5.9 · EPSS 0.00366
Exploits 0 · References 3
OSV
added 2024/09/26 11:15 a.m. · 3 views

CVE-2024-8725

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 4
Cvelist
added 2024/09/26 10:59 a.m. · 22 views

CVE-2024-8725 Advanced File Manager <= 5.2.8 - Authenticated (Subscriber+) Limited File Upload

Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with...

CVSS 6.8 · EPSS 0.00352
Exploits 0 · References 4
CVE
added 2024/09/26 10:59 a.m. · 58 views

CVE-2024-8725

CVE-2024-8725 affects the WordPress plugin Advanced File Manager (

CVSS 6.8 · AI score 6 · EPSS 0.00352
Exploits 0 · References 4 · Affected Software 1
Patchstack
added 2024/09/26 1:46 a.m. · 2 views

WordPress Themedy Toolbox plugin <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Shortcodes vulnerability discovered by Francesco Carlucci in WordPress Plugin Themedy Toolbox versions <= 1.0.15...

CVSS 6.4 · AI score 5.8 · EPSS 0.00366
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/26 12:0 a.m. · 4 views

PT-2024-39204 · WordPress · Wordpress +1

Name of the Vulnerable Software and Affected Versions: WordPress affected versions not specified Description: The issue is due to a lack of proper checks, allowing lower-privileged roles to upload .css and .js files to arbitrary directories. This enables authenticated attackers with...

CVSS 6.8 · AI score 6.5 · EPSS 0.00352
Exploits 0 · References 10
OSV
added 2024/09/25 3:15 a.m. · 2 views

CVE-2024-9027

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00333
Exploits 0 · References 3
NVD
added 2024/09/25 3:15 a.m. · 18 views

CVE-2024-9027

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00333
Exploits 0 · References 3
OSV
added 2024/09/25 3:15 a.m. · 1 view

CVE-2024-8481

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for...

CVSS 7.3 · AI score 6.1 · EPSS 0.00623
Exploits 0 · References 2
Vulnrichment
added 2024/09/25 2:5 a.m. · 9 views

CVE-2024-9027 WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · AI score 5.8 · EPSS 0.00333
Exploits 0 · References 3
CVE
added 2024/09/25 2:5 a.m. · 50 views

CVE-2024-9027

CVE-2024-9027 affects the WPZOOM Shortcodes WordPress plugin (versions up to and including 1.0.5). Root cause: insufficient input sanitization and output escaping on the box shortcode attributes, enabling stored XSS. Exploitation requires authentication at contributor level or higher, with the at...

CVSS 6.4 · AI score 5.5 · EPSS 0.00333
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/09/25 2:5 a.m. · 25 views

CVE-2024-9027 WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00333
Exploits 0 · References 3
Positive Technologies
added 2024/09/25 12:0 a.m. · 2 views

PT-2024-39371 · Wpzoom · Wpzoom Shortcodes

Name of the Vulnerable Software and Affected Versions: WPZOOM Shortcodes plugin for WordPress versions up to, and including, 1.0.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'box' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00333
Exploits 0 · References 8
CNNVD
added 2024/09/25 12:0 a.m. · 2 views

WordPress plugin WPZOOM Shortcodes cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 · AI score 5.8 · EPSS 0.00333
Exploits 0 · References 4
CNNVD
added 2024/09/25 12:0 a.m. · 3 views

WordPress plugin The Special Text Boxes code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 7.3 · AI score 7 · EPSS 0.00623
Exploits 0 · References 3
Patchstack
added 2024/09/24 12:48 p.m. · 2 views

WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via box Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin WPZOOM Shortcodes versions <= 1.0.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.00333
Exploits 0 · References 1 · Affected Software 1