2096 matches found
WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin WP Shortcodes security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-18453 · WordPress · Social Warfare
Name of the Vulnerable Software and Affected Versions: Social Warfare plugin for WordPress versions up to, and including, 4.4.6.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode due to insufficient input sanitization and output escaping ...
PT-2024-27485 · Woocommerce · Fox – Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin versions up to, and including, 1.4.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depe...
PT-2024-18315 · WordPress · Wp Ulike
Name of the Vulnerable Software and Affected Versions: WP ULike – Most Advanced WordPress Marketing Toolkit plugin versions up to, and including, 4.6.9 Description: The issue allows authenticated attackers with contributor-level access and above to perform SQL Injection via the status and id...
PT-2024-26518 · WordPress · Wp Shortcodes Plugin
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.1.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-20932 · Jotform · Jotform Online Forms – Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization an...
WordPress Shortcodes Ultimate plugin <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes Ultimate versions <= 7.1.2...
WordPress Shortcodes Ultimate Plugin <= 7.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: <= 7.1.2; Fixed in: 7.1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3550; Patch priority: Low; CVSS severity: Low (6.5); PSID: 38b246791023; Credits: stealthcopter; Requir...
WordPress WP ULike plugin <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes vulnerability
Authenticated (Contributor+) SQL Injection via Shortcodes vulnerability discovered by Bassem Essam in WordPress Plugin WP ULike versions <= 4.6.9...
WordPress Arconix Shortcodes plugin <= 2.1.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Arconix Shortcodes versions <= 2.1.10...
WordPress Shortcodes Ultimate plugin < 7.1.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate versions < 7.1.0...
CVE-2024-3188
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...
CVE-2024-3188 Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...
CVE-2024-3188
CVE-2024-3188 affects the WordPress plugin Shortcodes Ultimate (Shortcodes Plugin) up to version 7.0.x (pre-7.1.0). The issue is a lack of validation/escaping of certain shortcode attributes, which are output back into the page/post containing the shortcode. This can enable Stored Cross-Site Scri...
WordPress Arconix Shortcodes Plugin <= 2.1.10 is vulnerable to Broken Access Control
Software: Arconix Shortcodes; Type: Plugin; Vulnerable versions: <= 2.1.10; Fixed in: 2.1.11; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4233; Patch priority: Low; CVSS severity: Low (4.3); PSID: 049f969c5895; Credits: Dhabaleshwar Das; Required...
WordPress Shortcodes Ultimate Plugin < 7.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: < 7.1.0; Fixed in: 7.1.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3188; Patch priority: Low; CVSS severity: Low (6.5); PSID: 1a5b1c96fbcf; Credits: Dmitrii Ignatyev...