PT-2024-18322 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.15.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...

ProfilePress < 4.15.3 - Contributor+ Stored Cross-Site Scripting

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

PT-2024-18121 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.15.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied...

PT-2024-15741 · WordPress · Pz-Linkcard

Name of the Vulnerable Software and Affected Versions: Pz-LinkCard WordPress plugin versions 2.5.1 and earlier Description: The issue allows high privilege users, such as contributors, to perform Server-Side Request Forgery SSRF attacks by pinging arbitrary hosts via some of the plugin's...

CVE-2024-1290

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...

CVE-2024-1290

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC Setup a listener on a localhost/LAN host such as nc -l 127.0.0.1 9000, then as a contributor, put the...

CVE-2024-1448

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-1349

The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient input...

CVE-2024-0792

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...

WordPress Plugin WP Shortcodes Plugin - Shortcodes Ultimate Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-1808

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-1808

CVE-2024-1808 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate. It describes a Stored Cross-Site Scripting (XSS) in the plugin’s su_qrcode shortcode for all versions up to 7.0.3, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...

CVE-2024-1808 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Shortcodes Ultimate Plugin <= 7.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Ultimate Type Plugin Vulnerable versions = 7.0.3 Fixed in 7.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1808 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 79f47d814a15 Credits Webbernaut Required...

WordPress Plugin WP Shortcodes Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WP Shortcodes Plugin < 7.0.4 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its suqrcode shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-1687

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...