WordPress Advanced File Manager Shortcodes plugin <= 2.4 - Authenticated (Contributor+) Directory Traversal vulnerability

Authenticated Contributor+ Directory Traversal vulnerability discovered by Colin Xu in WordPress Plugin File Manager Advanced Shortcode versions = 2.4...

WordPress plugin Squelch Tabs and Accordions Shortcodes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress Squelch Tabs and Accordions Shortcodes Plugin <= 0.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Squelch Tabs and Accordions Shortcodes Type Plugin Vulnerable versions = 0.4.8 Fixed in 0.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5946 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b92bc9205697 Credits...

PT-2024-37260 · WordPress · Squelch Tabs/Accordions Shortcodes

Name of the Vulnerable Software and Affected Versions: Squelch Tabs and Accordions Shortcodes plugin for WordPress versions up to, and including, 0.4.8 Description: The issue is related to Stored Cross-Site Scripting via the tab shortcode due to insufficient input sanitization and output escaping...

CVE-2024-4543

The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...

CVE-2024-4543

The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...

CVE-2024-4543 Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery

The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...

CVE-2024-4543

CVE-2024-4543 affects the WordPress plugin Snippet Shortcodes . The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation when adding or editing shortcodes, enabling unauthenticated attackers to modify shortcodes by tricking an admin into performing an action....

CVE-2024-4543 Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery

The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...

WordPress Snippet Shortcodes plugin <= 4.1.4 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Snippet Shortcodes versions = 4.1.4...

WordPress Snippet Shortcodes Plugin <= 4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Snippet Shortcodes Type Plugin Vulnerable versions = 4.1.4 Fixed in 4.1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4af570583b48 Credits Benedictus Jovan...

WordPress plugin Snippet Shortcodes Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-1330

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database...

WordPress Plugin Kadence Blocks Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-5346

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user suppli...

CVE-2024-5346

The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user suppli...

WordPress Flatsome theme <= 3.18.7 - Authenticated Stored Cross-Site Scripting via Shortcodes vulnerability

Authenticated Stored Cross-Site Scripting via Shortcodes vulnerability discovered by wesley wcraft in WordPress Theme Flatsome versions = 3.18.7...

WordPress DOP Shortcodes plugin <= 1.2 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin DOP Shortcodes versions = 1.2...

CVE-2024-4377

The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-4377

The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...