WordPress Add Shortcodes Actions And Filters plugin <= 2.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Add Shortcodes Actions And Filters versions = 2.10...

CVE-2024-2475

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.15.7 is vulnerable to Broken Access Control

Software Shortcodes and extra features for Phlox theme Type Plugin Vulnerable versions = 2.15.7 Fixed in 2.15.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31099 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 6820fd10e35f...

WordPress Add Shortcodes Actions And Filters Plugin <= 2.10 is vulnerable to Cross Site Scripting (XSS)

Software Add Shortcodes Actions And Filters Type Plugin Vulnerable versions = 2.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30558 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d8a48b95c13c Credits Dimas Maulana...

CVE-2024-0677

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

CVE-2024-0677 Pz-LinkCard <= 2.5.1 - Contributor+ SSRF

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

WordPress Plugin Pz-LinkCard 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-20528 · WordPress · Media Library Assistant

Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to, and including, 3.13 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on...

CVE-2024-29797

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1...

CVE-2024-29797 WordPress Grid Shortcodes plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Darko Grid Shortcodes allows Stored XSS.This issue affects Grid Shortcodes: from n/a through 1.1...

CVE-2024-29797

CVE-2024-29797 is a stored XSS vulnerability in the WordPress Grid Shortcodes plugin by WP Darko, affecting Grid Shortcodes versions from n/a up to 1.1. The issue is described as Stored XSS via the shortcode, but the provided documents do not specify exploit vectors, affected site behaviors, user...

WordPress Plugin Grid Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2024-2732

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themifypostslider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2732

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themifypostslider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2732 Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themifypostslider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2732

CVE-2024-2732 affects the Themify Shortcodes plugin for WordPress, with Stored XSS in the themify_post_slider shortcode in all versions up to 2.0.8 due to insufficient input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access and abo...

CVE-2024-2732 Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themifypostslider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Plugin Themify Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Themify Shortcodes Plugin <= 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions = 2.0.8 Fixed in 2.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2732 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74cfc77cef6c Credits Krzysztof Zając...

WordPress Grid Shortcodes Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Software Grid Shortcodes Type Plugin Vulnerable versions = 1.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29797 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 001d3493f64b Credits Ngô Thiên An ancorn from VNPT-VCI Requir...