2102 matches found
CVE-2023-25798
CVE-2023-25798 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Olevmedia Shortcodes (versions 1.1.9) to mitigate risk. Monitor for official patch details as they become publicly available.
WordPress plugin Olevmedia Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2023-20313 · WordPress · Olevmedia Shortcodes
Name of the Vulnerable Software and Affected Versions: Olevmedia Shortcodes plugin versions 1.1.9 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by contributors or those with higher authentication levels. There...
PT-2023-16594 · WordPress · Stagtools
Name of the Vulnerable Software and Affected Versions: StagTools WordPress plugin versions prior to 2.3.7 Description: The issue concerns the StagTools WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...
WordPress plugin Video Central 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a66cbc072f58 Credits István Márton Requir...
WordPress Shortcodes Plugin <= 3.46 is vulnerable to Broken Access Control
Software Shortcodes Type Plugin Vulnerable versions = 3.46 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23725 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 82dcb0293d26 Credits István Márton Required privilege...
Slimstat Analytics < 4.9.4 - Subscriber+ SQL Injection
The plugin does not prevent subscribers from rendering certain shortcodes that concatenate attributes directly into an SQL query. PoC...
CVE-2023-25040
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...
CVE-2023-25040
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...
CVE-2023-25040 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin = 5.12.6 versions...
CVE-2023-25040
CVE-2023-25040 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Shortcodes Ultimate (aka Shortcodes Ultimate) by Vova Anokhin, affecting versions <= 5.12.6. The issue is a stored XSS flaw; the exact root-cause details are not provided in the supplied documents. Publ...
PT-2023-19889 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin versions = 5.12.6 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability affects users with contributor or higher permissions. There is no information provided about...
WordPress plugin Shortcodes Ultimate 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-0467
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...
CVE-2023-0467
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...
Memory corruption
The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing...
PT-2023-16288 · WordPress · Wp Dark Mode
Name of the Vulnerable Software and Affected Versions: WP Dark Mode WordPress plugin versions prior to 4.0.8 Description: The issue arises from improper sanitization of the style parameter in shortcodes, leading to Local File Inclusion. This can occur on servers where non-existent directories may...
Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks As a contributor, put the below shortcodes i...