7 matches found
CVE-2024-5964
CVE-2024-5964 (Zenon Lite theme): WordPress Zenon Lite theme versions up to and including 1.9 are vulnerable to a stored XSS via the url parameter in the Button shortcode, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Contributor level or ...
CVE-2024-5788
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-1399 Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
CVE-2024-2328 Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-6488 WP Shortcodes Plugin – Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Shortcodes Plugin – Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...
Cross site scripting
The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-2169 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...