WordPress Avada | Website Builder For WordPress & eCommerce plugin <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via fusionbutton Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Fusion Builder versions = 3.11.9...

PT-2024-37209 · WordPress · Tweaker5

Name of the Vulnerable Software and Affected Versions: Tweaker5 theme for WordPress versions up to, and including, 1.2 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

PT-2024-37155 · WordPress · Triton Lite

Name of the Vulnerable Software and Affected Versions: Triton Lite theme for WordPress versions up to, and including, 1.3 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the theme's Button shortcode due to insufficient input sanitization and output...

PT-2024-37206 · WordPress · Delicate Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Delicate theme for WordPress versions up to, and including, 3.5.5 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and output...

PT-2024-36778 · WordPress · Avada

Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & eCommerce plugin for WordPress versions up to, and including, 3.11.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's fusion button shortcode due to insufficient input...

CVE-2024-7100

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbbutton shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions = 1.9...

PT-2024-37275 · WordPress · Zenon Lite

Name of the Vulnerable Software and Affected Versions: Zenon Lite theme for WordPress versions up to, and including, 1.9 Description: The issue arises from insufficient input sanitization and output escaping in the url parameter within the theme's Button shortcode, allowing authenticated attacker...

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5938 Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress Boot Store theme <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Boot Store versions = 1.6.4...

PT-2024-37253 · WordPress · Boot Store

Name of the Vulnerable Software and Affected Versions: The Boot Store theme for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and...

CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5922

CVE-2024-5922 affects the Scylla lite WordPress theme. It is a stored XSS vulnerability via the url parameter in the theme’s Button shortcode, affecting all versions up to and including 1.8.3. Exploitation requires authenticated access (Contributor level or higher) and can inject scripts that exe...

CVE-2024-5925 Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-5788

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-5788 Silesia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-5788

CVE-2024-5788 concerns the WordPress theme Silesia. The vulnerability is a Stored Cross-Site Scripting (XSS) via the ‘link’ attribute in the theme’s Button shortcode, affecting all versions up to and including 1.0.6. It requires authentication at Contributor level or higher, enabling an attacker ...

CVE-2024-5788 Silesia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

WordPress Scylla lite theme <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Scylla lite versions = 1.8.3...