CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVE-2024-4233 Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVE-2024-4233

CVE-2024-4233 is a Missing Authorization vulnerability affecting Tyche Softwares plugins: Print Invoice & Delivery Notes for WooCommerce (up to v4.8.1), Arconix Shortcodes (up to v2.1.10), and Arconix FAQ (up to v1.9.3). Connected PT security details specify the issue can be exploited remotely. R...

WordPress Themify Shortcodes plugin <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via themifybutton Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Themify Shortcodes versions = 2.0.9...

WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.7 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.7...

WordPress Themify Shortcodes Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4567 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f47e36fe951 Credits Francesco Carlucci...

WordPress Squelch Tabs and Accordions Shortcodes Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Squelch Tabs and Accordions Shortcodes Type Plugin Vulnerable versions = 0.4.7 Fixed in 0.4.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4463 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 80dc3fbc8cbb Credi...

WordPress plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-29873 · Arconix +1 · Arconix Faq +2

Name of the Vulnerable Software and Affected Versions: Print Invoice & Delivery Notes for WooCommerce versions 4.8.1 and earlier Arconix Shortcodes versions 2.1.10 and earlier Arconix FAQ versions 1.9.3 and earlier Description: The issue is related to a Missing Authorization vulnerability. This...

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

WordPress Swift Framework plugin <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcodes vulnerability discovered by Francesco Carlucci in WordPress Plugin Swift Framework versions = 2.7.31...

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3550

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2024-3550

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2024-1533

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-3550 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2024-3550

CVE-2024-3550 affects the WP Shortcodes Plugin — Shortcodes Ultimate for WordPress. The description specifies a Stored XSS via shortcode attributes in all versions up to 7.1.2, exploitable by authenticated users with contributor-level access or higher, allowing arbitrary scripts to execute on pag...

WordPress plugin Shortcodes and extra features for Phlox theme 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...