CVE-2024-12415 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12415 AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12415

CVE-2024-12415 : The WordPress AI Infographic Maker plugin is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 4.9.0. The flaw arises from executing a value via do_shortcode without proper validation, enabling attackers to run arbitrary shortcodes. A...

CVE-2024-13472

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472

CVE-2024-13472 affects the WordPress plugin “WooCommerce Product Table Lite” (versions up to and including 3.9.4). The issue allows unauthenticated attackers to achieve arbitrary shortcode execution due to improper validation before running do_shortcode, and the same sc_attrs parameter is vulnera...

CVE-2024-13472 WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13472 WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

WordPress Ticketmeo plugin <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin Ticketmeo versions = 2.3.6...

CVE-2024-13101

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS

The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2025-2152 · WordPress · Frictionless

Name of the Vulnerable Software and Affected Versions: Frictionless plugin for WordPress versions up to, and including, 0.0.23 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the frictionless form shortcode. This allows...

PT-2025-2153 · WordPress · Wpradio

Name of the Vulnerable Software and Affected Versions: WPRadio – WordPress Radio Streaming Plugin versions up to, and including, 1.0.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wpradio player shortcode. This allows...

PT-2025-2187 · WordPress · Woocommerce Product Table Lite

Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.9.4 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before runnin...

PT-2025-1837 · WordPress · Ai Infographic Maker

Name of the Vulnerable Software and Affected Versions: AI Infographic Maker plugin for WordPress versions up to, and including, 4.9.0 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes i...

WordPress AI Infographic Maker plugin <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Infographic Maker – iList versions = 4.9.0...

WordPress WooCommerce Product Table Lite plugin <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by mikemyers in WordPress Plugin WooCommerce Product Table Lite versions = 3.9.4...

CVE-2024-8494

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

CVE-2024-13670

The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pnmsv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...