CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-buttondl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-buttondl.php of the component Download Handler. The manipulation of the argument file leads to information...

Cross site scripting

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Artem Abramovich Art Decoration Shortcode plugin = 1.5.6 versions...

CVE-2023-35094

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin = 2.1.4 versions...

CVE-2023-35094

CVE-2023-35094 affects the WordPress plugin MPEmbed WP Matterport Shortcode. The connected Patchstack entry confirms a stored Cross-Site Scripting (XSS) vulnerability in versions

Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The Wordpress plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but is also works in an...

CVE-2023-29436

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Flyn San IFrame Shortcode plugin = 1.0.5 versions...

CVE-2023-29436

CVE-2023-29436 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Flyn San IFrame Shortcode” (Flynsarmy iframe shortcodes) affecting versions ≤ 1.0.5. The issue requires authenticated access (Contributor+), and exploit occurs via the plugin’s shortcode handling, enablin...

CVE-2023-0526

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress plugin menu shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2022-4679

The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Google Maps v3 Shortcode Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Google Maps v3 Shortcode Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23827 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6111df9930d9 Credits István Márton...

CVE-2022-4793 Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

WordPress Plugin shortcode-imdb SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

WordPress ShortCode Plugin Directory Traversal Vulnerability

WordPress ShortCode Plugin is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability

No description provided by source. !/usr/bin/env python -- coding:utf-8 -- from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '87214' version = '1' vulDate = '1409760000' createDate = '1442937600' references =...

Directory traversal

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

CVE-2014-5465

The CVE-2014-5465 issue affects the WordPress ShortCode Plugin (Download ShortCode) version 0.2.3 and earlier, where force-download.php is vulnerable to directory traversal via a .. in the file parameter, enabling reading arbitrary local files. OpenVAS/PRION/CVE references corroborate a Local Fil...

CVE-2014-5465

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

WordPress ShortCode Plugin 1.1 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 1.1 Plugin Name : Download...