8976 matches found
CVE-2024-13700
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13349
The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-12451
The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-8494 Elementor Website Builder Pro – More than Just a Page Builder <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
CVE-2024-8494
The CVE concerns Elementor Website Builder Pro for WordPress. Affected: all versions up to and including 3.25.10. Issue: authenticated attackers with Contributor+ access can exploit the elementor-template shortcode to exfiltrate sensitive information from Private, Pending, and Draft Templates (Se...
CVE-2024-13453
The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13453 Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution
The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13453 Contact Form & SMTP Plugin for WordPress by PirateForms <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution
The The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13453
CVE-2024-13453 – WordPress PirateForms plugin vulnerability (CVE summary) The WordPress plugin “Contact Form & SMTP Plugin for WordPress by PirateForms” (up to version 2.6.0) allows unauthenticated attackers to trigger arbitrary shortcodes through an action that calls do_shortcode without proper ...
CVE-2024-13470
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
WordPress Bulk Me Now plugin <= 2.0 - Stored XSS via Shortcode vulnerability
Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Bulk Me Now! versions = 2.0...
WordPress Contact Form & SMTP Plugin for WordPress by PirateForms plugin <= 2.6.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Contact Form & SMTP Plugin versions = 2.6.0...
WordPress Ninja Forms plugin <= 3.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Ninja Forms versions = 3.8.24...
WordPress Elementor Pro plugin <= 3.25.10 - Authenticated (Contributor+) Sensitive Information Exposure via Shortcode vulnerability
Authenticated Contributor+ Sensitive Information Exposure via Shortcode vulnerability discovered by Ankit Patel in WordPress Plugin Elementor Pro versions = 3.25.10...
WordPress EthereumICO plugin <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ethereum-ico Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via ethereum-ico Shortcode vulnerability discovered by zaim in WordPress Plugin EthereumICO versions = 2.4.6...
WordPress Alex Reservations: Smart Restaurant Booking plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Alex Reservations versions = 2.0.5...
CVE-2024-12708
The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-12708
The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-12708 Bulk Me Now <= 2.0 - Stored XSS via Shortcode
The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2025-1851 · WordPress · Wp Dispensary
Name of the Vulnerable Software and Affected Versions: WP Dispensary plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpd menu' shortcode due to insufficient input sanitization and output escaping on...