2096 matches found
PT-2024-18102 · WordPress · Wp Shortcodes Plugin
Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su tooltip shortcode due to insufficient input sanitization...
Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover
Description The plugin does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts. PoC 1. ADMIN: Install Formidable Pro plugin 2. ADMIN: Install...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possib...
CVE-2023-5665
The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Shortcodes Ultimate Plugin <= 7.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: <= 7.0.1; Fixed in: 7.0.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-0792; Patch priority: Low; CVSS severity: Low 6.5; PSID: 60b85feef073; Credits: Webbernaut; Required...
PT-2024-14823 · WordPress · Payment Forms For Paystack
Name of the Vulnerable Software and Affected Versions: Payment Forms for Paystack plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on...
CVE-2024-0380
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files ...
Cross site scripting
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files ...
CVE-2023-7029
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-0380 WP Recipe Maker <= 9.1.0 - Directory Traversal
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files ...
CVE-2024-0380
The CVE-2024-0380 entry concerns WP Recipe Maker for WordPress, where Directory Traversal was possible in all versions up to 9.1.0 via the icon attribute in Shortcodes. Authenticated attackers with contributor-level access and above could include SVG file contents from the server, enabling Cross-...
CVE-2024-21750
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5...
CVE-2024-21750 WordPress Shortcodes Finder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5...
CVE-2024-21750
CVE-2024-21750 affects the WordPress Shortcodes Finder plugin ( 1.5.5 (i.e., 1.5.6 or later) to mitigate exploitation. The connected materials also corroborate the vulnerability’s classification as Cross-Site Scripting and list the affected component as the Shortcodes Finder plugin for WordPress.
WordPress plugin Shortcodes Finder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-19038 · Unknown · Scribit Shortcodes Finder
Name of the Vulnerable Software and Affected Versions: Scribit Shortcodes Finder versions 1.5.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versio...
CVE-2024-22162
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS. This issue affects WPZOOM Shortcodes: from n/a through 1.0.3...