PT-2023-16058 · WordPress · Juicer

Name of the Vulnerable Software and Affected Versions: Juicer WordPress plugin versions prior to 1.11 Description: The issue is related to the Juicer WordPress plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

PT-2023-15983 · WordPress · Companion Sitemap Generator

Name of the Vulnerable Software and Affected Versions: Companion Sitemap Generator WordPress plugin versions 4.5.1.1 and earlier Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the...

PT-2023-16344 · WordPress · Campaign Url Builder

Name of the Vulnerable Software and Affected Versions: Campaign URL Builder WordPress plugin versions prior to 1.8.2 Description: The issue is related to the Campaign URL Builder WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a...

Daily Prayer Time <= 2023.05.04 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0069

The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0065

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0068

The Product GTIN EAN, UPC, ISBN for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2023-0165

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0069 WPaudio MP3 Player <= 4.0.2 - Contributor+ Stored XSS

The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0065 i2 Pros & Cons <= 1.3.1 - Contributor+ Stored XSS

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0064 eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2023-0068 Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Contributor+ Stored XSS

The Product GTIN EAN, UPC, ISBN for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2023-0165 Cost Calculator <= 1.8 - Contributor+ Stored XSS

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-16051 · WordPress · Cost Calculator

Name of the Vulnerable Software and Affected Versions: The Cost Calculator WordPress plugin versions 1.8 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the Cost Calculator WordPress plugin, which could allow users with the...

PT-2023-15985 · WordPress · Woocommerce

Name of the Vulnerable Software and Affected Versions: The Product GTIN EAN, UPC, ISBN for WooCommerce WordPress plugin versions 1.1.1 and earlier Description: The issue concerns the failure to validate and escape certain shortcode attributes in the plugin, which could allow users with the...

WordPress plugin Advanced Recent Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

WordPress plugin Cost Calculator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Product GTIN for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin Download Attachments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin i2 Pros & Cons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...