2096 matches found
Cross site scripting
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2023-0064
The CVE-2023-0064 entry corresponds to the WordPress plugin “eVision Responsive Column Layout Shortcodes” (versions 2.3 and earlier). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of shortcode attributes, which are output into the pag...
CVE-2023-0064 eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS
The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0063 Synved Shortcodes <= 1.6.36 - Contributor+ Stored XSS
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2023-0063 Synved Shortcodes <= 1.6.36 - Contributor+ Stored XSS
The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2023-0063
CVE-2023-0063 affects the WordPress Synved Shortcodes plugin, versions
WordPress Shortcodes Ultimate Plugin < 5.12.8 is vulnerable to Sensitive Data Exposure
Software Shortcodes Ultimate Type Plugin Vulnerable versions 5.12.8 Fixed in 5.12.8 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-0911 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 466e8901614e Credits Erwan LR WPScan Requir...
WordPress plugin eVision Responsive Column Layout Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-15980 · WordPress · Wordpress Shortcodes
Name of the Vulnerable Software and Affected Versions: WordPress Shortcodes WordPress plugin versions 1.6.36 and earlier Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcod...
WordPress plugin Synved Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-15981 · WordPress · Evision Responsive Column Layout Shortcodes
Name of the Vulnerable Software and Affected Versions: eVision Responsive Column Layout Shortcodes WordPress plugin versions 2.3 and earlier Description: The issue concerns the eVision Responsive Column Layout Shortcodes WordPress plugin, which does not properly validate and escape some of its...
WordPress Synved Shortcodes Plugin <= 1.6.36 is vulnerable to Cross Site Scripting (XSS)
Software Synved Shortcodes Type Plugin Vulnerable versions = 1.6.36 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0063 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 97249fb0c45f Credits Lana Codes Requir...
WordPress WoodMart Theme 7.1.0 Shortcodes Injection
==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2022 == Report Title: WordPress WoodMart Theme = 7.1.0 - Unauthenticated Arbitrary Shortcodes Injection Google Dork: inurl:/wp-content/themes/woodmart/ Research Date: 2022-11-12 Researcher: FearZzZz https://fearzzzz....
WordPress WoodMart Theme 7.1.0 Shortcodes Injection Vulnerability
The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. ==== Z://USB-00RESEARCH/WORDPRESS/...
CVE-2023-0168
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0168
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0168 Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0168 Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0168
CVE-2023-0168 affects the Olevmedia Shortcodes WordPress plugin ≤ 1.1.9. The root cause is the plugin’s failure to validate and escape some shortcode attributes before output, enabling Stored XSS for users with the contributor role or higher when shortcodes are embedded in pages/posts. Several co...