CVE-2023-0079

The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2023-0079 Customer Reviews for WooCommerce < 5.17.0 - Contributor+ Stored XSS

The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

PT-2024-11917 · WordPress · Customer Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce WordPress plugin versions prior to 5.17.0 Description: The issue is related to the failure of the Customer Reviews for WooCommerce WordPress plugin to validate and escape some of its shortcode attributes befor...

PT-2024-11918 · WordPress · Upqode Google Maps Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: UpQode Google Maps WordPress plugin versions 1.0.0 through 1.0.5 Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

CVE-2023-6934

The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-6624

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-6934 Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-6624 Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-15082 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.92 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output...

Spectra < 2.7.10 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-5942

The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4514

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-32432 · WordPress · Medialist

Name of the Vulnerable Software and Affected Versions: Medialist WordPress plugin versions prior to 1.4.1 Description: The issue concerns the Medialist WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

CVE-2023-4799

The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

ShortCodes UI <= 1.9.8 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Medialist < 1.4.1 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC medialist style='"...

CVE-2023-5774 Animated Counters <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2023-4798

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...

CVE-2023-4795

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used agains...

CVE-2023-4783

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...