PT-2023-15659 · WordPress · Wp Tiles

Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier Description: The issue concerns the WP Tiles WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

CVE-2023-0399

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

CVE-2023-0399 Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

PT-2023-16241 · WordPress · Image Over Image For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: The Image Over Image For WPBakery Page Builder WordPress plugin versions prior to 3.0 Description: The issue arises from the plugin's failure to validate and escape certain shortcode attributes before outputting them in a page or post,...

Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Required theme:...

CVE-2023-1069

The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform...

CVE-2023-0660

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-0823

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2023-0491

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0272

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0491 Schedulicity - Easy Online Scheduling <= 2.21 - Contributor+ Stored XSS

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-16130 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.3.3 Description: The issue concerns the NEX-Forms WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post. This cou...

PT-2023-16735 · WordPress · Complianz Premium Wordpress Plugin +1

Name of the Vulnerable Software and Affected Versions: Complianz WordPress plugin versions prior to 6.4.2 Complianz Premium WordPress plugin versions prior to 6.4.2 Description: The issue is related to the failure of the Complianz WordPress plugin and Complianz Premium WordPress plugin to validat...

PT-2023-16434 · WordPress · Smart Slider 3

Name of the Vulnerable Software and Affected Versions: Smart Slider 3 versions prior to 3.5.1.14 Description: The issue arises from the improper validation and escaping of some shortcode attributes in the Smart Slider 3 WordPress plugin, which could allow users with the contributor role and above...

CVE-2023-0369

The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0365

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0364

The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0370

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0167

The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0145

The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...