1405 matches found
PT-2024-17122 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on...
CVE-2023-7029
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-7069
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6530
The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-6530 TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-18971 · WordPress · Social Sharing Plugin
Name of the Vulnerable Software and Affected Versions: The Social Sharing Plugin WordPress plugin versions prior to 3.3.61 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform Stor...
CVE-2023-0079
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0094
The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0079 Customer Reviews for WooCommerce < 5.17.0 - Contributor+ Stored XSS
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
PT-2024-11918 · WordPress · Upqode Google Maps Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: UpQode Google Maps WordPress plugin versions 1.0.0 through 1.0.5 Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
PT-2024-11917 · WordPress · Customer Reviews For Woocommerce
Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce WordPress plugin versions prior to 5.17.0 Description: The issue is related to the failure of the Customer Reviews for WooCommerce WordPress plugin to validate and escape some of its shortcode attributes befor...
CVE-2023-6934
The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6624
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6934 Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6624 Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-15082 · WordPress · Amp For Wp – Accelerated Mobile Pages
Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.92 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output...
Spectra < 2.7.10 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-5942
The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4514
The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2023-32432 · WordPress · Medialist
Name of the Vulnerable Software and Affected Versions: Medialist WordPress plugin versions prior to 1.4.1 Description: The issue concerns the Medialist WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...