2096 matches found
CVE-2022-4781
CVE-2022-4781 affects the Accordion Shortcodes WordPress plugin up to version 2.4.2. The flaw is an unvalidated/unstable shortcode attribute that can be exploited by users with Contributor privileges to perform Stored XSS. A PoC shortcode is provided (for example, [accordion class='" onmouseover=...
CVE-2022-4787 Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4787
CVE-2022-4787 affects the Themify Shortcodes WordPress plugin prior to version 2.0.8. The issue is a failure to validate and escape a shortcode attribute, enabling Stored XSS by users with a role as low as Contributor. A PoC exists (exploit shortcode showing XSS) and multiple sources confirm v...
WordPress plugin Themify Shortcodes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress plugin Accordion Shortcodes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software: Olevmedia Shortcodes; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0168; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 576499d3655f; Credits: István Márton...
WordPress Bootstrap Shortcodes Plugin <= 3.4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Bootstrap Shortcodes; Type: Plugin; Vulnerable versions: <= 3.4.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4777; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: b9c1c40bdcb0; Credits: István Márton...
Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: As a Contributor+ create a new post and...
Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a Contributor+ create a new post and add...
CVE-2022-4716
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
PT-2023-15474 · WordPress · Geodirectory
Name of the Vulnerable Software and Affected Versions: GeoDirectory WordPress plugin versions prior to 2.2.22 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role as low as...
WordPress Meks Flexible Shortcodes Plugin < 1.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Meks Flexible Shortcodes; Type: Plugin; Vulnerable versions: < 1.3.5; Fixed in: 1.3.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4562; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 8b8d54e4673c; Credits: Lana Codes...
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...
WordPress Plugin WP Recipe Maker cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WP Tabs < 2.1.15 - Multiple CSRF
The plugin does not have proper CSRF checks in some places, for example when importing shortcodes, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...
WordPress Themify Shortcodes Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Shortcodes; Type: Plugin; Vulnerable versions: < 2.0.8; Fixed in: 2.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4787; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 25f866583e9e; Credits: István Márton...
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...