2096 matches found
WordPress Accordion Shortcodes Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software: Accordion Shortcodes; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-4781; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: a6ec89397587; Credits: István Márton...
Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Exploit shortcode: accordion class='" onmouseover="alert1" style="background:red;width:100px;height:100px;"'...
Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Put the...
CVE-2022-3361
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths...
CVE-2022-3361
The CVE-2022-3361 entry concerns the WordPress Ultimate Member plugin (versions up to 2.5.0). The vulnerability is a directory traversal flaw caused by insufficient validation of the template attribute in shortcodes, allowing an attacker with administrative privileges to supply traversal sequence...
Silverstripe XSS in shortcodes
A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where...
GHSA-9CX2-HJ6M-FV58 Silverstripe XSS in shortcodes
A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribute whitelists have been implemented where...
WordPress Shortcodes Ultimate Plugin < 5.12.1 Multiple CSRF Vulnerabilities
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
CVE-2022-41136
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress...
CVE-2022-41136
The CVE-2022-41136 entry concerns the WordPress Shortcodes Ultimate plugin, specifically versions
WordPress plugin Shortcodes Ultimate Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2022-25668 · WordPress · Shortcodes Ultimate
Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin versions prior to 5.12.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored Cross-Site Scripting (XSS). This means an attacker can trick a user into performing unintended...
WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Shortcodes Ultimate plugin versions <= 5.12.0. Solution: Update the WordPress Shortcodes Ultimate plugin to the latest available version at least...
CVE-2022-38086
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change...
CVE-2022-38086 WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change...