2096 matches found
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10957
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter...
WordPress nd-shortcodes plugin unauthorized operation vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-shortcodes is a drag-and-drop page builder plugin used in it. A security vulnerability exists in WordPress nd-shortcodes plugin...
CVE-2019-15771
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
Code injection
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...
CVE-2019-15771
Summary: CVE-2019-15771 affects the WordPress plugin “nd-shortcodes” prior to version 6.0. A nopriv_ AJAX action in the plugin allows modification of the siteurl setting. Impact (as stated): This could enable an unauthenticated/privilege-abuse scenario by changing WordPress site URL related confi...
WordPress shortcodes-ultimate plugin input validation error vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. shortcodes-ultimate is one of the plugins used in it, which supports the creation of tabs, buttons, sliders,...
CVE-2017-18580
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode...
CVE-2017-18539
The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes...
CVE-2017-18540
The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes...
PT-2019-8474 · Unknown · Weblibrarian Plugin
Name of the Vulnerable Software and Affected Versions: weblibrarian plugin versions prior to 3.4.8.7. Description: The issue allows for cross-site scripting (XSS) attacks via front-end short codes. Recommendations: For versions prior to 3.4.8.7, update to version 3.4.8.7 or later to resolve the issu...
PT-2019-8473 · WordPress · Weblibrarian
Name of the Vulnerable Software and Affected Versions: weblibrarian plugin versions prior to 3.4.8.6 for WordPress. Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a website,...
CVE-2015-9318
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies...
Security feature bypass
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies...
CVE-2015-9318
CVE-2015-9318 affects the WordPress plugin Awesome Support prior to 3.1.7. The vulnerability is that shortcodes are allowed in replies, stemming from the plugin’s handling of reply content. According to NVD, the issue has CVSS v2 base score 5.0 (MEDIUM) with impact on integrity while allowing net...