CVE-2023-5127 WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with...

PT-2023-31780 · WordPress · Wp Font Awesome

Name of the Vulnerable Software and Affected Versions: WP Font Awesome plugin for WordPress versions up to, and including, 1.7.9 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on the icon user-supplied...

WordPress CPO Shortcodes Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)

Software CPO Shortcodes Type Plugin Vulnerable versions = 1.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5704 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 2297e8ebd0f5 Credits István Márton Required...

WordPress Theme Blvd Shortcodes Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)

Software Theme Blvd Shortcodes Type Plugin Vulnerable versions = 1.6.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5338 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 028af167f46a Credits István Márton Requir...

CVE-2023-5231

The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

WordPress Magee Shortcodes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software Magee Shortcodes Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4783 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d85a6a8988a2 Credits Dmitrii Ignatyev Required...

CVE-2023-4783

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4783

CVE-2023-4783 affects the Magee Shortcodes WordPress plugin up to version 2.1.1. The issue is improper validation/escaping of shortcode attributes, enabling Stored XSS when a page/post renders the shortcode. Exploitation requires contributor+ privileges; impact is stored cross-site scripting with...

WordPress plugin Magee Shortcodes cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS)

Software Add Shortcodes Actions And Filters Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46072 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d320af90840c Credits...

CVE-2023-44475

Cross-Site Request Forgery CSRF vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...

CVE-2023-44994

Cross-Site Request Forgery CSRF vulnerability in Bainternet ShortCodes UI plugin = 1.9.8 versions...

CVE-2023-44994

Cross-Site Request Forgery CSRF vulnerability in Bainternet ShortCodes UI plugin = 1.9.8 versions...

CVE-2023-44475

Cross-Site Request Forgery CSRF vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Bainternet ShortCodes UI plugin = 1.9.8 versions...

CVE-2023-44994 WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Bainternet ShortCodes UI plugin = 1.9.8 versions...

CVE-2023-44994 WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Bainternet ShortCodes UI plugin = 1.9.8 versions...

CVE-2023-44994

CVE-2023-44994 is a CSRF vulnerability in the WordPress ShortCodes UI plugin (Bainternet ShortCodes UI) affecting versions