PT-2024-19671 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied attribute...

CVE-2024-2458

The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

PT-2024-20467 · WordPress · The Powerkit – Supercharge Your Wordpress Site

Name of the Vulnerable Software and Affected Versions: The Powerkit – Supercharge your WordPress Site plugin versions up to, and including, 2.9.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping...

CVE-2024-2499

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-2499 Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Plugin Squelch Tabs and Accordions Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Powerkit – Supercharge your WordPress Site < 2.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...

Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the...

Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting

Description The Add Shortcodes Actions And Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-31099

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7...

CVE-2024-31099

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7...

CVE-2024-31099 WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7...

CVE-2024-31099

Technical details about CVE-2024-31099 are not provided in the connected documents. The initial description notes a missing authorization vulnerability affecting Averta Shortcodes/Phlox auxin-elements, but no vendor/version specifics, impact details, or remediation steps are present to cite. Moni...

Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...

CVE-2024-30558

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Simpson Add Shortcodes Actions And Filters allows Reflected XSS.This issue affects Add Shortcodes Actions And Filters: from n/a through 2.10...

CVE-2024-30558 WordPress Add Shortcodes Actions And Filters plugin <= 2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Simpson Add Shortcodes Actions And Filters allows Reflected XSS.This issue affects Add Shortcodes Actions And Filters: from n/a through 2.10...

CVE-2024-30558

Technical details about CVE-2024-30558 are not publicly available in the provided connected documents. Based on available data, we cannot specify affected product/version or remediation here. Monitor for updates from vendors/security advisories.

WordPress Plugin Add Shortcodes Actions And Filters 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blogs on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Add Shortcodes Actions And...

PT-2024-23488 · Unknown · Add Shortcodes Actions/Filters

Name of the Vulnerable Software and Affected Versions: Add Shortcodes Actions And Filters versions prior to 2.10 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting XSS. Specifically, it allows Reflected XSS...