CVE-2023-3372
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2021-24433
The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "categorysims", "ordersims", "orderbysims", "periodsims", and "tagsims" uses allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as...
CVE-2023-3372 Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-3372
CVE-2023-3372 affects the Lana Shortcodes WordPress plugin prior to 1.2.0. The vulnerability is a stored cross-site scripting (XSS) flaw caused by insufficient validation/escaping of shortcode attributes, allowing users with the Contributor role or higher to inject arbitrary HTML/JS into pages wh...
PT-2024-12437 · WordPress · Lana Shortcodes
Name of the Vulnerable Software and Affected Versions: The Lana Shortcodes WordPress plugin versions prior to 1.2.0. Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin not validating and escaping some of its...
WordPress plugin Lana Shortcodes security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin simple sort&search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-10889 · WordPress · Simple Sort&Search Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: simple sort&search WordPress plugin versions 0.0.3 and earlier. Description: The issue arises from the simple sort&search WordPress plugin not validating the indexurl parameter of certain shortcodes, including category sims, order sims, orderb...
WordPress WPZOOM Shortcodes Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: WPZOOM Shortcodes; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-22162; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 7480c3835543; Credits: Dhabaleshwar Das; Required...
CVE-2023-6782
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Shortcodes Finder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Finder; Type: Plugin; Vulnerable versions: <= 1.5.5; Fixed in: 1.5.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-21750; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 0900912a134b; Credits: Le Ngoc Anh; Required privilege...
CVE-2023-52142
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1...
CVE-2023-52142 WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1...
CVE-2023-52142
CVE-2023-52142 is a SQL injection in WordPress plugin Events Shortcodes For The Events Calendar (
PT-2024-14431 · Unknown · Events Shortcodes For The Events Calendar
Name of the Vulnerable Software and Affected Versions: Events Shortcodes For The Events Calendar versions 2.3.1 and earlier. Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential...
WordPress TJ Shortcodes Plugin <= 0.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: TJ Shortcodes; Type: Plugin; Vulnerable versions: <= 0.1.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6530; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 023f1a33a7c9; Credits: Dmitrii Ignatyev; Required...
TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: junkie-button...
TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. junkie-button...
CVE-2023-51373
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes: from n/a through 4.0.2...