
2096 matches found

CVE
added 2023/10/10 2:25 p.m. · 43 views

CVE-2023-44475

CVE-2023-44475 corresponds to a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Add Shortcodes Actions And Filters, affecting versions 2.0.9, specifically 2.10 or later. If patching is not possible, monitor for vendor advisories and apply mitigations once available.

CVSS: 8.8 · AI score: 7 · EPSS: 0.00216
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/10/10 2:25 p.m. · 11 views

CVE-2023-44475 WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions...

CVSS: 5.4 · AI score: 7.1 · EPSS: 0.00216
Exploits: 0 · References: 1

OSV
added 2023/10/10 5:15 a.m. · 2 views

CVE-2023-5467

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00412
Exploits: 0 · References: 3

Vulnrichment
added 2023/10/10 4:29 a.m. · 3 views

CVE-2023-5467

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS: 6.4 · AI score: 5.6 · EPSS: 0.00412
Exploits: 0 · References: 3

CNNVD
added 2023/10/10 12:00 a.m. · 2 views

WordPress Plugin ShortCodes UI Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS: 8.8 · AI score: 6.5 · EPSS: 0.00214
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/10 12:00 a.m. · 3 views

PT-2023-29337 · WordPress · Bainternet Shortcodes Ui

Name of the Vulnerable Software and Affected Versions: Bainternet ShortCodes UI plugin versions 1.9.8 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions ...

CVSS: 8.8 · AI score: 8.5 · EPSS: 0.00214
Exploits: 0 · References: 4

wpexploit
added 2023/10/09 12:00 a.m. · 140 views

Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.00449
Exploits: 2 · References: 1

Patchstack
added 2023/10/03 12:00 a.m. · 12 views

WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ShortCodes UI; Type: Plugin; Vulnerable versions: <= 1.9.8; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44994; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 381936b7d175; Credits: Mika; Required privilege...

CVSS: 8.8 · AI score: 6.6 · EPSS: 0.00214
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2023/10/03 12:00 a.m. · 3 views

WordPress Plugin The Post Grid - Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin The Post Grid - Shortcode,...

CVSS: 8.8 · AI score: 6.5 · EPSS: 0.00208
Exploits: 0 · References: 2

OSV
added 2023/10/02 8:15 a.m. · 5 views

CVE-2023-41728

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 2.5...

CVSS: 5.4 · AI score: 5.8
Exploits: 0 · References: 1

Cvelist
added 2023/10/02 7:35 a.m. · 22 views

CVE-2023-41728 WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 2.5...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.0031
Exploits: 0 · References: 1

CVE
added 2023/10/02 7:35 a.m. · 66 views

CVE-2023-41728

CVE-2023-41728: WordPress Rescue Shortcodes plugin

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.0031
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/10/02 7:35 a.m. · 20 views

CVE-2023-41728 WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 2.5...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.0031
Exploits: 0 · References: 1

CNNVD
added 2023/10/02 12:00 a.m. · 2 views

WordPress Plugin Rescue Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVSS: 6.5 · AI score: 5.9 · EPSS: 0.0031
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/02 12:00 a.m. · 4 views

PT-2023-28067 · Unknown · Rescue Shortcodes

Name of the Vulnerable Software and Affected Versions: Rescue Shortcodes versions through 2.5. Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious script...

CVSS: 6.5 · AI score: 8.7 · EPSS: 0.0031
Exploits: 0 · References: 4

BDU FSTEC
added 2023/10/02 12:00 a.m. · 3 views

The vulnerability of the ND Shortcodes plugin of the WordPress content management system allows attackers to execute LFI attacks.

The vulnerability of the ND Shortcodes plugin of the WordPress content management system is related to an incorrect limitation on the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute LFI attacks remotely...

CVSS: 9 · AI score: 7.7 · EPSS: 0.01367
Exploits: 2 · References: 4 · Affected Software: 1

Patchstack
added 2023/09/29 12:00 a.m. · 10 views

WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Add Shortcodes Actions And Filters; Type: Plugin; Vulnerable versions: <= 2.0.9; Fixed in: 2.10; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44475; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 5bc2b2f01907; Credits...

CVSS: 8.8 · AI score: 6.6 · EPSS: 0.00216
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/09/27 3:19 p.m. · 4 views

CVE-2023-5161

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...

CVSS: 5.4 · AI score: 6 · EPSS: 0.00568
Exploits: 0 · References: 5

Vulnrichment
added 2023/09/26 1:51 a.m. · 3 views

CVE-2023-5161 Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...

CVSS: 6.4 · AI score: 6.8 · EPSS: 0.00568
Exploits: 0 · References: 5

WPVulnDB
added 2023/09/25 12:00 a.m. · 15 views

User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS

Description: The plugin does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. PoC: As a Contributor+ create a new post and add one of the following shortcode. avatar user="admin"...

CVSS: 5.4 · AI score: 5.2 · EPSS: 0.00394
Exploits: 2 · References: 1 · Affected Software: 1