2096 matches found
WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WPZOOM Shortcodes; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9027; Patch priority: Low; CVSS severity: Low (6.5); PSID: 023d928af205; Credits: Peter Thaleikis; Required...
CVE-2024-8479
CVE-2024-8479 affects the WordPress plugin Simple Spoiler (versions 1.2–1.3). The vulnerability stems from the plugin adding the filter add_filter('comment_text','do_shortcode'), which causes all shortcodes in comments to be executed. This enables unauthenticated attackers to run arbitrary shortc...
PT-2024-39045 · WordPress · Simple Spoiler
Name of the Vulnerable Software and Affected Versions: The Simple Spoiler plugin for WordPress versions 1.2 to 1.3. Description: The issue is due to the plugin adding the filter add_filter('comment_text','do_shortcode'), which runs all shortcodes in comments. This allows unauthenticated attackers to...
PT-2024-37909 · WordPress · Wp Multitasking
Name of the Vulnerable Software and Affected Versions: WP MultiTasking WordPress plugin versions 0.1.12 and earlier Description: The issue is related to the WP MultiTasking WordPress plugin not validating and escaping some of its shortcode attributes before outputting them back in a page/post whe...
Exploit for Code Injection in Wpml
CVE-2024-6386 - RCE via Twig SSTI in WPML PoC PoC on Pyth...
CVE-2024-7381
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...
PT-2024-28756 · WordPress · Betheme
Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 27.5.6 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on user-supplied attributes in several of the...
Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13,...
WordPress Sheet to Table Live Sync for Google Sheet plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via STWT_Sheet_Table Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via STWT_Sheet_Table Shortcode vulnerability discovered by Artem Polynko in WordPress Plugin Sheet to Table Live Sync for Google Sheet (versions <= 1.0.1)...
CVE-2024-43133
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.1...
CVE-2024-43133 WordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.1...
CVE-2024-43133
CVE-2024-43133 is a Stored XSS vulnerability in Themify Shortcodes (Themify Shortcodes plugin) caused by improper input neutralization during web-page generation. Affected versions are Themify Shortcodes from n/a through 2.1.1. Public details confirm a Cross-Site Scripting issue, but the provided...
WordPress plugin Themify Shortcodes Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-30322 · WordPress · Themify Shortcodes
Name of the Vulnerable Software and Affected Versions: Themify Shortcodes versions through 2.1.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For...
WordPress Themify Shortcodes plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Themify Shortcodes (versions <= 2.1.1)...
WordPress Themify Shortcodes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Shortcodes; Type: Plugin; Vulnerable versions: <= 2.1.1; Fixed in: 2.1.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43133; Patch priority: Low; CVSS severity: Low (6.5); PSID: 9f19f50a864c; Credits: LVT-tholv2k; Required privilege...
WordPress Shortcodes Ultimate Pro plugin < 7.2.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate Pro (versions < 7.2.1)...
CVE-2024-6766
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...