876 matches found
PT-2024-17586 · WordPress · Simple Link Directory
Name of the Vulnerable Software and Affected Versions: Simple Link Directory plugin for WordPress versions up to, and including, 8.4.0 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before running do shortcode, making it...
WordPress Coupon Affiliates plugin <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability
Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Coupon Affiliates versions = 5.16.7.1...
WordPress WPMobile.App plugin <= 11.52 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPMobile.App versions = 11.52...
WordPress Simple Link Directory plugin <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Simple Link Directory versions = 8.4.0...
WordPress WoodMart plugin <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme WoodMart versions = 8.0.3...
CVE-2024-12333
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...
CVE-2024-12333 WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...
CVE-2024-12333
CVE-2024-12333 affects the Woodmart WordPress theme. The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes via the woodmart_instagram_ajax_query AJAX action because a value is not properly validated before running do_shortcode. This is a shortcode execution flaw in al...
CVE-2024-12333 WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...
CVE-2024-10910
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-10910
CVE-2024-10910 affects Grid Plus – Unlimited grid layout (WordPress) up to version 1.3.5. The flaw allows unauthenticated attackers to execute arbitrary shortcodes via the grid_plus_load_by_category AJAX action, because a value used by do_shortcode is not properly validated. Status: the vulnerabi...
WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability
Unauthenticated Arbitrary Shortcode Execution via gridplusloadbycategory vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions = 1.3.5...
WordPress plugin WoodMart 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2024-17548 · WordPress · Woodmart
Name of the Vulnerable Software and Affected Versions: Woodmart theme for WordPress versions up to 8.0.3 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action without properly validating a value before...
WordPress plugin Grid Plus 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2024-16637 · WordPress · The Grid Plus
Name of the Vulnerable Software and Affected Versions: The Grid Plus – Unlimited grid layout plugin for WordPress versions up to, and including, 1.3.5 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes via the "grid plus load by category" AJAX action. This is...
CVE-2024-10959
The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...
CVE-2024-10959
CVE-2024-10959 details (Wordfence/Red Hat source): Affected software is the WordPress plugin Active Products Tables for WooCommerce. Use constructor to create tables . The vulnerability is an unauthenticated arbitrary shortcode execution via the woot_get_smth AJAX action, caused by executing do_s...