1401 matches found
PT-2023-15679 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro WordPress plugin versions prior to 2.9.9 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role as low a...
UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit: vcugmmap mapheight='100px;...
PT-2023-15992 · WordPress · Amazon Js Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Amazon JS WordPress plugin versions 0.10 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the Amazon JS WordPress plugin, which can lead to Stored Cross-Site Scripting attacks...
PT-2023-15978 · WordPress · Judge.Me Product Reviews
Name of the Vulnerable Software and Affected Versions: Judge.me Product Reviews for WooCommerce WordPress plugin versions prior to 1.3.21 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and abov...
Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC lptwrecentposts colorscheme='"...
PT-2023-15960 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor WordPress plugin versions prior to 1.0.14 Description: The issue concerns the JetWidgets For Elementor WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting...
PT-2023-14565 · WordPress · Widgets On Pages
Name of the Vulnerable Software and Affected Versions: Widgets on Pages WordPress plugin versions prior to 1.8.0 Description: The issue concerns the failure to validate and escape shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin...
PT-2023-15413 · WordPress · Gigpress
Name of the Vulnerable Software and Affected Versions: GigPress WordPress plugin versions prior to 2.3.28 Description: The issue concerns the GigPress WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...
PT-2023-14532 · WordPress · Yarpp
Name of the Vulnerable Software and Affected Versions: YARPP WordPress plugin versions prior to 5.30.3 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the YARPP WordPress plugin, which could allow users with the contributor role and above to...
CVE-2023-0153
The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0170
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0148
The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0147
The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0143
The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
CVE-2023-0154
The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0176
The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0150
The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0171
The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0173
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0149
The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...