CVE-2024-6859
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-3919
The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-3710
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
PT-2024-28383 · WordPress · Openpgp Form Encryption
Name of the Vulnerable Software and Affected Versions: OpenPGP Form Encryption for WordPress plugin version 1.5.0 and earlier Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform...
PT-2024-27298 · WordPress · Image Photo Gallery Final Tiles Grid
Name of the Vulnerable Software and Affected Versions: Image Photo Gallery Final Tiles Grid WordPress plugin versions prior to 3.6.0 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege use...
CVE-2024-2430
The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-5444
The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Bible Text security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
PT-2024-36330 · WordPress · Bible Text Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Bible Text WordPress plugin versions 0.2 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perfo...
CVE-2024-5199
The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-35080 · Spotify · Spotify Play Button Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Spotify Play Button WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
WordPress Plugin Spotify Play Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-30643 · WordPress · Dop Shortcodes
Name of the Vulnerable Software and Affected Versions: DOP Shortcodes WordPress plugin versions 1.2 and earlier Description: The issue concerns the DOP Shortcodes WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or pos...
PT-2024-36350 · WordPress · Paypal Pay Now
Name of the Vulnerable Software and Affected Versions: PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users...
CVE-2024-5475
The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
WordPress plugin Responsive video embed security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Custom Field Suite plugin is a custom field adding plugin used in it. Media Library...
PT-2024-20342 · WordPress · Website Content In Page/Post
Name of the Vulnerable Software and Affected Versions: Website Content in Page or Post WordPress plugin versions prior to 2024.04.09 Description: The issue concerns the Website Content in Page or Post WordPress plugin, which does not properly validate and escape certain shortcode attributes befor...
CVE-2024-5038
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4705
The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...