
2096 matches found

Patchstack
added 2023/02/10 12:0 a.m. | 8 views

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Arbitrary File Download

Software: Shortcodes Ultimate | Type: Plugin | Vulnerable versions: <= 5.12.6 | Fixed in: 5.12.7 | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Arbitrary File Download | CVE: CVE-2023-25050 | Patch priority: High | CVSS severity: High 7.1 | PSID: 547ac1ab598f | Credits: Rafie Muhammad...

7.1 CVSS | 6.5 AI score | 0.00591 EPSS
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/02/10 12:0 a.m. | 7 views

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)

Software: Shortcodes Ultimate | Type: Plugin | Vulnerable versions: <= 5.12.6 | Fixed in: 5.12.7 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-25040 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 7acc7c74ae4b | Credits: Rafie Muhammad...

6.5 CVSS | 5.8 AI score | 0.00414 EPSS
Exploits 0 | References 2 | Affected Software 1

WPVulnDB
added 2023/02/10 12:0 a.m. | 12 views

Shortcodes Ultimate < 5.12.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5 CVSS | 5.1 AI score | 0.00414 EPSS
Exploits 0 | Affected Software 1

Patchstack
added 2023/02/10 12:0 a.m. | 9 views

WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF)

Software: Shortcodes Ultimate | Type: Plugin | Vulnerable versions: <= 5.12.6 | Fixed in: 5.12.7 | OWASP Top 10: A5: Broken Access Control | Classification: Server Side Request Forgery SSRF | CVE: CVE-2023-23800 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: b83339aecda3 | Credits: Rafie Muhamm...

7.1 CVSS | 6.6 AI score | 0.00491 EPSS
Exploits 0 | References 2 | Affected Software 1

WPVulnDB
added 2023/02/10 12:0 a.m. | 16 views

Shortcodes Ultimate < 5.12.7 - Subscriber+ SSRF

The plugin does not validate the url attribute of its sucsvtable shortcode before making a request to it, which could allow any authenticated user, such as a subscriber, to perform SSRF attacks...

6 AI score | 0.00491 EPSS
Exploits 0 | Affected Software 1

WPVulnDB
added 2023/02/10 12:0 a.m. | 21 views

Shortcodes Ultimate < 5.12.7 - Subscriber+ Arbitrary File Access

The plugin does not validate the url attribute of its sutable shortcode before displaying its content, which could allow any authenticated user, such as a subscriber, to read arbitrary files from the server when the "Unsafe Features" setting is enabled...

6.1 AI score | 0.00591 EPSS
Exploits 0 | Affected Software 1

Vulnrichment
added 2023/02/06 7:59 p.m. | 9 views

CVE-2022-4626 PPWP – WordPress Password Protect Page < 1.8.6 - Contributor+ Stored XSS in Shortcode

The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users...

6.1 AI score | 0.00649 EPSS
Exploits 2 | References 1

Vulnrichment
added 2023/02/06 7:59 p.m. | 6 views

CVE-2023-0150 Cloak Front End Email < 1.9.2 - Contributor+ Stored XSS

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6 AI score | 0.00649 EPSS
Exploits 2 | References 1

CNNVD
added 2023/02/06 12:0 a.m. | 4 views

WordPress Plugin EAN for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

5.4 CVSS | 5.4 AI score | 0.00573 EPSS
Exploits 2 | References 2

CNNVD
added 2023/02/06 12:0 a.m. | 3 views

WordPress Plugin MonsterInsights Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS | 5.4 AI score | 0.00589 EPSS
Exploits 2 | References 2

CNNVD
added 2023/02/06 12:0 a.m. | 3 views

WordPress Plugin Naver Map Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS | 5.4 AI score | 0.0051 EPSS
Exploits 2 | References 2

CNNVD
added 2023/02/06 12:0 a.m. | 4 views

WordPress Plugin Html5 Audio Player Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS | 5.4 AI score | 0.00573 EPSS
Exploits 2 | References 2

WPVulnDB
added 2023/02/02 12:0 a.m. | 16 views

Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC button style='"...

5.4 CVSS | 5 AI score | 0.0049 EPSS
Exploits 2 | Affected Software 1

wpexploit
added 2023/02/02 12:0 a.m. | 410 views

Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. button style='"...

5.4 CVSS | 5.2 AI score | 0.0049 EPSS
Exploits 2

OSV
added 2023/01/30 9:15 p.m. | 1 views

CVE-2022-4787

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1

OSV
added 2023/01/30 9:15 p.m. | 2 views

CVE-2022-4781

The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS | 5.8 AI score | 0.00471 EPSS
Exploits 2 | References 1

NVD
added 2023/01/30 9:15 p.m. | 13 views

CVE-2022-4781

The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS | 5.3 AI score | 0.00471 EPSS
Exploits 2 | References 1

NVD
added 2023/01/30 9:15 p.m. | 16 views

CVE-2022-4787

Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4 CVSS | 5.3 AI score | 0.00471 EPSS
Exploits 2 | References 1

Prion
added 2023/01/30 9:15 p.m. | 14 views

Cross site scripting

The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

4.9 CVSS | 5.3 AI score | 0.00471 EPSS
Exploits 2 | References 1 | Affected Software 1

Vulnrichment
added 2023/01/30 8:31 p.m. | 11 views

CVE-2022-4781 Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode

The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.3 AI score | 0.00471 EPSS
Exploits 2 | References 1