CVE-2024-22162

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.3...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.1...

CVE-2024-22162 WordPress WPZOOM Shortcodes plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Shortcodes wpzoom-shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through = 1.0.5...

CVE-2024-22162 WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.3...

CVE-2024-22162

CVE-2024-22162 — WPZOOM Shortcodes : Reflected XSS in WPZOOM Shortcodes due to improper input neutralization during web page generation. Affected: WordPress plugin WPZOOM Shortcodes (versions up to 1.0.3; Patchstack also references up to 1.0.5). Impact: attacker-controlled input may inject script...

PT-2024-19250 · Wpzoom · Wpzoom Shortcodes

Name of the Vulnerable Software and Affected Versions: WPZOOM Shortcodes versions 1.0.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

WordPress plugin WPZOOM Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2023-6530 TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes

The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-6530

CVE-2023-6530 affects TJ Shortcodes WordPress plugin versions

PT-2024-14997 · WordPress · Tj Shortcodes

Name of the Vulnerable Software and Affected Versions: TJ Shortcodes WordPress plugin versions 0.1.3 and earlier Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the TJ Shortcodes WordPress plugin, which can lead to Stored Cross-Site Scripting...

WordPress plugin TJ Shortcodes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

WPZOOM Shortcodes < 1.0.2 - Reflected Cross-Site Scripting

Description The WPZOOM Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via certain input fields in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via 'tag'

Description The plugin is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-lev...

WP Recipe Maker < 9.1.1 - Directory Traversal

Description The plugin is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, whi...

CVE-2024-0381

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers wi...

CVE-2023-6958

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

Cross site scripting

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers wi...

Shortcodes Finder < 1.5.5 - Reflected Cross-Site Scripting

Description The Shortcodes Finder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Wordpress File Upload < 4.24.1 - Cross-Site Request Forgery

Description The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.24.0. This is due to missing or incorrect nonce validation on the wfuajaxactionsaveshortcode function. This makes it possible for unauthenticated attacker...

CVE-2023-3372

The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...