2096 matches found
WordPress Shortcodes Ultimate Plugin <= 7.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Shortcodes Ultimate Type Plugin Vulnerable versions = 7.1.6 Fixed in 7.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4821 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7c78a726473d Credits Richard Telleng...
DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Add the following shortcode to a...
DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add the following shortcode ...
WordPress ND Shortcodes plugin <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin ND Shortcodes For Visual Composer versions = 7.5...
CVE-2024-5220
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-5220
The ND Shortcodes plugin for WordPress (up to version 7.5) is affected by a Stored XSS via the plugin’s upload feature. Exploitation requires authenticated access at Author level or higher, allowing script injection into pages that execute for users visiting injected pages. Patch status for CVE-2...
PT-2024-35132 · WordPress · Nd Shortcodes
Name of the Vulnerable Software and Affected Versions: ND Shortcodes plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's upload feature due to insufficient input sanitization and output escaping. This allows...
ND Shortcodes < 7.6 - Authenticated (Author+) Stored Cross-Site Scripting
Description The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...
WordPress plugin ND Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-28820 · WordPress · Wp Photo Album Plus
Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus versions up to, and including, 8.7.02.003 Description: The issue allows unauthenticated users to execute an action that does not properly validate a value before running do shortcode, making it possible for unauthenticated...
CVE-2024-4553
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...
CVE-2024-4553
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...
CVE-2024-4553 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...
CVE-2024-4553
CVE-2024-4553 affects the WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate. The stored XSS flaw occurs in the su_members shortcode due to insufficient input sanitization and output escaping of the color attribute, exploitable by authenticated users with contributor-level access or high...
WordPress Shortcodes Ultimate plugin <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via sumembers Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Shortcodes Ultimate versions = 7.1.5...
WordPress Uber Menu plugin <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Uber Menu versions = 3.8.2...
WordPress Shortcodes Ultimate Plugin <= 7.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Shortcodes Ultimate Type Plugin Vulnerable versions = 7.1.5 Fixed in 7.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4553 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b7f8c1d5e896 Credits wesley wcraft Requir...
WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...
WordPress Plugin shortcodes-ultimate 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-31684 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'su members' shortcode due to insufficient input sanitization and output escaping ...