Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. PoC: Make a logged-in admin open the following HTML, replacing FORMID with a valid ID: The security field isn't validated and the shortcode is...
Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
Description: The plugin does not properly escape some of its shortcode attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. sunote notecolor='123"onmouseover="alert/XSS/"' textcolor='1' radius='1' class='1' id="1"No...
PT-2024-22713 · Unknown · Builder For Woocommerce Reviews Shortcodes – Reviewshort
Name of the Vulnerable Software and Affected Versions: Builder for WooCommerce reviews shortcodes – ReviewShort versions 1.01.3 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to perform unintended actions on a w...
CVE-2024-1658
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-1658
CVE-2024-1658 affects the Grid Shortcodes WordPress plugin prior to 1.1.1. The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them in a page/post, enabling a Stored XSS when the shortcode is embedded. Impact: users with the contributor ro...
WordPress Plugin Grid Shortcodes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2024-2256
The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes, such as the bw_contact_button and bw_button shortcodes, in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...
CVE-2024-2256
CVE-2024-2256 pertains to the WordPress oik plugin and is a stored XSS via shortcode attributes bw_contact_button and bw_button in versions up to and including 4.10.0. The vulnerability arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling authentic...
PT-2024-19486 · WordPress · Oik
Name of the Vulnerable Software and Affected Versions: oik plugin for WordPress versions up to, and including, 4.10.0. Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes, such as the bw_contact_button and bw_button shortcodes, due to insufficient input...
oik < 4.10.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes, such as the bw_contact_button and bw_button shortcodes, in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...
CVE-2024-1806
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.1 due to insufficient input sanitizati...
CVE-2024-1535
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.2 due to insufficient input sanitizati...
CVE-2023-6969
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with contributor-level...
CVE-2023-6954
The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-6969 User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode
The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with contributor-level...
CVE-2023-6969
CVE-2023-6969 affects the WordPress plugin User Shortcodes Plus. It is an Insecure Direct Object Reference in the user_meta shortcode caused by missing validation on a user-controlled key, allowing authenticated attackers with contributor-level access or higher to retrieve potentially sensitive u...
WordPress Plugin User Shortcodes Plus Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin Product Carousel Slider & Grid Ultimate for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...