CVE-2023-0367

CVE-2023-0367 affects the WordPress plugin Pricing Tables For WPBakery Page Builder (formerly Visual Composer) before 3.0. The issue arises from inadequate validation/escaping of certain shortcode attributes, allowing stored XSS when the shortcode is output on a page/post. Impact: potential Store...

CVE-2023-1325 Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

PT-2023-16853 · Wpbakery · Pricing Tables For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: Pricing Tables For WPBakery Page Builder formerly Visual Composer versions prior to 3.0 Description: The issue allows any authenticated users, such as subscribers, to perform Local File Inclusion LFI attacks due to the lack of validation of...

Affiliate Links Lite <= 2.5 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0363

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2022-4827

The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-15659 · WordPress · Wp Tiles

Name of the Vulnerable Software and Affected Versions: WP Tiles WordPress plugin versions 1.1.2 and earlier Description: The issue concerns the WP Tiles WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

CVE-2023-0399

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

CVE-2023-0399 Image Over Image For WPBakery Page Builder < 3.0 - Contributor+ Stored XSS

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...

PT-2023-16241 · WordPress · Image Over Image For Wpbakery Page Builder

Name of the Vulnerable Software and Affected Versions: The Image Over Image For WPBakery Page Builder WordPress plugin versions prior to 3.0 Description: The issue arises from the plugin's failure to validate and escape certain shortcode attributes before outputting them in a page or post,...

Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Required theme:...

CVE-2023-0823

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2023-1069

The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform...

CVE-2023-0660

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-0491

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0272

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0491 Schedulicity - Easy Online Scheduling <= 2.21 - Contributor+ Stored XSS

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2023-16735 · WordPress · Complianz Premium Wordpress Plugin +1

Name of the Vulnerable Software and Affected Versions: Complianz WordPress plugin versions prior to 6.4.2 Complianz Premium WordPress plugin versions prior to 6.4.2 Description: The issue is related to the failure of the Complianz WordPress plugin and Complianz Premium WordPress plugin to validat...

PT-2023-16130 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.3.3 Description: The issue concerns the NEX-Forms WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post. This cou...

PT-2023-16434 · WordPress · Smart Slider 3

Name of the Vulnerable Software and Affected Versions: Smart Slider 3 versions prior to 3.5.1.14 Description: The issue arises from the improper validation and escaping of some shortcode attributes in the Smart Slider 3 WordPress plugin, which could allow users with the contributor role and above...