80 matches found
CVE-2026-9677
The CVE-2026-9677 entry concerns the Shariff for WordPress plugin (up to v1.0.11). The vulnerability arises because the shariff_infourl setting is not sanitized or escaped before being output in frontend HTML via the generateshariff() function. This can enable Stored Cross-Site Scripting by high-...
EUVD-2026-39947
The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariffinfourl setting before outputting it in the frontend HTML via the generateshariff function, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-4334
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-4334
The CVE-2026-4334 entry concerns the Shariff Wrapper WordPress plugin (versions up to 4.6.20) with a Stored XSS risk. The issue stems from insufficient input sanitization and output escaping in the [shariff] shortcode’s headline parameter, where a custom wp_kses with permissive HTML and a post-sa...
CVE-2026-4334 Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2026-32750
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-4334 Shariff Wrapper <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress plugin Shariff Wrapper 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-44214
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headline' parameter in the shariff shortcode in all versions up to, and including, 4.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Shariff Wrapper plugin <= 4.6.20 - Authenticated (Contributor+) Cross-Site Scripting vulnerability
Authenticated Contributor+ Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Shariff Wrapper versions = 4.6.20...
CVE-2024-2695
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius', 'services' and...
EUVD-2024-17202
Malicious code in bioql PyPI...
EUVD-2024-26148
Malicious code in bioql PyPI...
EUVD-2024-27641
Malicious code in bioql PyPI...
CVE-2024-1106
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-29109
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10...
CVE-2024-0966
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'infotext'. This makes it possible for...
CVE-2024-4098
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...