CVE-2024-9543

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-12417

The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-9292

The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2024-12529

The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-9885

The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-9702

The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2024-51612

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designerken Reftagger Shortcode reftagger-shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through = 1.1...

CVE-2024-51827

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Movement Ventures Boombox Shortcode boombox-shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through = 1.0.0...

CVE-2024-51898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sachin8600 Semantic Shortcode semantic-shortcode allows Stored XSS.This issue affects Semantic Shortcode: from n/a through = 1.0.1...

CVE-2024-51904

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joan Boluda Embed documents shortcode embed-documents-shortcode allows Stored XSS.This issue affects Embed documents shortcode: from n/a through = 1.5...

CVE-2024-51823

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SherkSpear Add Ribbon Shortcode add-ribbon allows DOM-Based XSS.This issue affects Add Ribbon Shortcode: from n/a through = 1.0.1...

CVE-2024-51678

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcel Pol Elo Rating Shortcode elo-rating-shortcode allows Stored XSS.This issue affects Elo Rating Shortcode: from n/a through = 1.0.3...

CVE-2024-51610

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in seothemes Display Terms Shortcode display-terms-shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through = 1.0.4...

CVE-2024-51804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobmatnyc Moka Get Posts Shortcode moka-get-posts allows DOM-Based XSS.This issue affects Moka Get Posts Shortcode: from n/a through = 1.0...

CVE-2024-51576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpza AMP Img Shortcode amp-img-shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through = 1.0.1...

CVE-2024-6256

The Feeds for YouTube YouTube video, channel, and gallery plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-12459

The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-12415

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12419

The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVE-2024-11606

The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...