CVE-2022-38086

CVE-2022-38086 affects the WordPress plugin Shortcodes Ultimate

WordPress plugin Shortcodes Ultimate 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

Shortcodes Ultimate < 5.12.1 - Settings Preset Update via CSRF

The plugin does not have CSRF check in place when updating its preset settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

WordPress Shortcodes Ultimate plugin <= 5.12.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Preset Settings Change discovered by Dave Jong Patchstack in WordPress Shortcodes Ultimate plugin versions = 5.12.0. Solution Update the WordPress Shortcodes Ultimate plugin to the latest available version at least 5.12.1...

WordPress CPO Shortcodes plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2022-40672

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...

CVE-2022-37342

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...

CVE-2022-37342

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...

Cross site scripting

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...

CVE-2022-40672

CVE-2022-40672 corresponds to an authenticated (admin+) Stored XSS vulnerability in the WordPress CPO Shortcodes plugin, affecting versions prior to 1.5.0. The core issue is lack of proper filtering/escaping of user-supplied data in the plugin, enabling stored XSS when an admin-user interacts wit...

CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...

CVE-2022-37342 WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...

WordPress plugin Add Shortcodes Actions And Filters 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin CPO Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2022-25470 · WordPress · Cpo Shortcodes

Name of the Vulnerable Software and Affected Versions: CPO Shortcodes plugin versions prior to 1.5.0 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into t...

WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress CPO Shortcodes plugin versions = 1.5.0 . Solution Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is...

CPO Shortcodes <= 1.5.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by ptsfence Patchstack Alliance in WordPress Add Shortcodes Actions And Filters plugin versions = 2.0.9. Solution No patched version is available. No reply from the vendor...

PT-2022-21940 · WordPress · Biplob018 Shortcode Addons

Name of the Vulnerable Software and Affected Versions: Biplob018 Shortcode Addons plugin versions 3.1.2 and earlier Description: The issue allows authenticated options change in the Biplob018 Shortcode Addons plugin at WordPress. Recommendations: For Biplob018 Shortcode Addons plugin versions 3.1...

CVE-2022-1910

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...