2096 matches found
Uber Menu < 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
Description The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenumobileclosebutton, ubermenutoggle, ubermenu-search shortcodes in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on...
CVE-2024-3811
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3810
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
CVE-2024-3811 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3810
CVE-2024-3810 : The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.5.3 via the icon/image attribute used in shortcodes. Authenticated attackers with contributor-level permissions or higher can include and execute arbitrary PHP f...
CVE-2024-3811
The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the icon shortcode in all versions up to and including 1.5.3 due to insufficient input sanitization and output escaping on user-supplied attributes. Authentication at contributor level or higher is requir...
CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
WordPress Plugin Salient Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-27888 · WordPress · Salient Shortcodes
Name of the Vulnerable Software and Affected Versions: Salient Shortcodes plugin for WordPress versions up to, and including, 1.5.3 Description: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion via the icon shortcode image attribute. This allows authenticated...
PT-2024-27889 · WordPress · Salient Shortcodes
Name of the Vulnerable Software and Affected Versions: Salient Shortcodes plugin for WordPress versions up to, and including, 1.5.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'icon' shortcode due to insufficient input sanitization and output escaping on...
WordPress Plugin Salient Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-37888
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0...
CVE-2023-37888
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0...
CVE-2023-37888 WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0...
CVE-2023-37888 WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0...
CVE-2023-25050 WordPress Shortcodes Ultimate plugin <= 5.12.6 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6...
CVE-2023-25050 WordPress Shortcodes Ultimate plugin <= 5.12.6 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6...
Salient Shortcodes < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Shortcodes Ultimate 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...