CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

CVE-2024-5266

The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user...

CVE-2024-5220

The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...

CVE-2024-43133

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1...

CVE-2024-1510

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sutooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplie...

CVE-2024-1396

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-1808

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-10226

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-10887

The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping ...

CVE-2024-9242

The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberfulbuysubscriptionlink' and 'memberfulpodcastslink' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on use...

CVE-2024-54334

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through =...

CVE-2024-51878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in strailejoey AchillesTheme-shortcodes achilles-shortcodes allows DOM-Based XSS.This issue affects AchillesTheme-shortcodes: from n/a through = 0.1...

CVE-2024-51857

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DannyCooper Olympus Shortcodes olympus-shortcodes allows DOM-Based XSS.This issue affects Olympus Shortcodes: from n/a through = 1.0.4...

CVE-2024-12477

The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2024-11871

The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-11365

The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...

CVE-2024-13590

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-4260

The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...

CVE-2024-10268

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplie...

CVE-2024-51881

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Beautimour Be Shortcodes be-shortcodes allows DOM-Based XSS.This issue affects Be Shortcodes: from n/a through = 1.0.0...