Beijing Baichuo Smart S85F Management Platform Operating System Command Injection Vulnerability

Beijing Baichuo Smart S85F Management Platform is a management platform of Beijing Baichuo Company. Beijing Baichuo Smart S85F Management Platform suffers from an operating system command injection vulnerability, which stems from unknown processing in importexport.php, leading to operating system...

CVE-2023-5668

The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5668 WhatsApp Share Button <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Plugin WhatsApp Share Button Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WhatsApp Share Button <= 1.0.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...

PT-2023-32251 · WordPress · Whatsapp Share Button

Name of the Vulnerable Software and Affected Versions: WhatsApp Share Button plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode due to insufficient input sanitization and output escaping ...

PT-2023-28531 · WordPress · Photospace Responsive

Name of the Vulnerable Software and Affected Versions: Photospace Responsive plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting via the psres button size parameter due to insufficient input sanitization and output escaping...

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-buttondl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-buttondl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVE-2012-10016

CVE-2012-10016 affects the Halulu simple-download-button-shortcode WordPress plugin (version 1.0). The vulnerability lies in an unknown function within the file simple-download-button_dl.php of the Download Handler, where manipulation of the file argument leads to information disclosure. The issu...

CVE-2023-44987

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Timely - Appointment software Timely Booking Button plugin = 2.0.2 versions...

CVE-2023-44987

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Timely - Appointment software Timely Booking Button plugin = 2.0.2 versions...

CVE-2023-44987 WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Timely - Appointment software Timely Booking Button plugin = 2.0.2 versions...

CVE-2023-44987

CVE-2023-44987 affects the Timely Booking Button plugin for WordPress (versions

WordPress Plugin Timely Booking Button Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-9953 · WordPress · Halulu Simple-Download-Button-Shortcode Plugin

Name of the Vulnerable Software and Affected Versions: Halulu simple-download-button-shortcode Plugin version 1.0 Description: A vulnerability has been found in the Halulu simple-download-button-shortcode Plugin on WordPress. The issue affects an unknown function of the file simple-download-butto...

PT-2023-29333 · WordPress · Timely Booking Button

Name of the Vulnerable Software and Affected Versions: Timely Booking Button plugin versions = 2.0.2 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin access can inject malicious scripts into the system, whi...

CVE-2023-41131

Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...

CVE-2023-41131

Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...