CVE-2024-4377 DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-4377 DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode

The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-4377

CVE-2024-4377 affects the DOP Shortcodes WordPress plugin (versions

WordPress DOP Shortcodes Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)

Software DOP Shortcodes Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4377 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 358272ad2236 Credits Bob Matyas Required privilege...

PT-2024-30643 · WordPress · Dop Shortcodes

Name of the Vulnerable Software and Affected Versions: DOP Shortcodes WordPress plugin versions 1.2 and earlier Description: The issue concerns the DOP Shortcodes WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or pos...

WordPress plugin DOP Shortcodes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Shortcodes by United Themes plugin < 5.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Shortcodes by United Themes versions 5.0.5...

WordPress Shortcodes by United Themes Plugin < 5.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes by United Themes Type Plugin Vulnerable versions 5.0.5 Fixed in 5.0.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37097 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6a3726b5a722 Credits Rafie Muhammad...

CVE-2024-0383

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-instructions and wprm-recipe-ingredients shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'grouptag' attribute . This makes it possible...

CVE-2024-0383

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-instructions and wprm-recipe-ingredients shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'grouptag' attribute . This makes it possible...

CVE-2024-3492

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'eventcategory' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escapi...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...

WordPress Events Manager plugin <= 6.4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via event, location, and eventcategory Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Events Manager versions = 6.4.7.3...

PT-2024-26249 · WordPress · The Events Manager

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event category...

CVE-2024-34763 WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through = 1.01.5...

Download Manager < 3.2.94 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes

Description The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping...

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

CVE-2024-4821

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Shortcodes Ultimate plugin <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sulightbox Shortcode vulnerability discovered by Richard Telleng stueotue in WordPress Plugin Shortcodes Ultimate versions = 7.1.6...