EUVD-2014-4477

Malware in sbrugna...

WordPress Shortcode Ninja Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Shortcode Ninja is a form builder plugin used in it. WordPress Shortcode Ninja 1.4 and earlier versions of the...

CVE-2014-4550

Cross-site scripting XSS vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

CVE-2014-4550

Cross-site scripting XSS vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

CVE-2014-4550

CVE-2014-4550 is a cross-site scripting vulnerability in the WordPress plugin Shortcode Ninja up to version 1.4 (and earlier) in the file preview-shortcode-external.php . The root cause is insufficient validation/escaping of the shortcode parameter, allowing remote attackers to inject arbitrary s...

Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...

Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. PoC http://www.example.com/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...