8967 matches found
CVE-2024-12419 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.0 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting
The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before...
CVE-2024-12419 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting
The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before...
CVE-2024-12419
CVE-2024-12419 affects the Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler. All versions up to 1.7.0 allow unauthenticated users to trigger arbitrary shortcode execution by calling an action that does not validate the value before do_shortcode. This also enables Reflected Cross-...
PT-2025-1666 · WordPress · Tabs Shortcode
Name of the Vulnerable Software and Affected Versions: Tabs Shortcode WordPress plugin versions 2.0.2 and earlier Description: The issue concerns the Tabs Shortcode WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page or post...
PT-2025-1710 · WordPress · Slider Pro Lite
Name of the Vulnerable Software and Affected Versions: Slider Pro Lite plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's sliderpro shortcode. This allows...
WordPress plugin mcjh button shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Smoothness Slider Shortcode cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress plugin FancyPost security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Toggles Shortcode and Widget cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-1690 · WordPress · Sell Media
Name of the Vulnerable Software and Affected Versions: Sell Media plugin for WordPress versions up to and including 2.5.8.5 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the sell media...
PT-2025-1849 · WordPress · Marketplace Items
Name of the Vulnerable Software and Affected Versions: Marketplace Items plugin for WordPress versions up to, and including, 1.5.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'marketplace' shortcode. This allow...
PT-2025-3735 · WordPress · The Social Rocket – Social Sharing Plugin
Name of the Vulnerable Software and Affected Versions: Social Rocket – Social Sharing Plugin versions up to and including 1.3.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the socialrocket-floating shortcode. This allows...
PT-2025-1904 · WordPress · Sellsy Plugin
Name of the Vulnerable Software and Affected Versions: Sellsy plugin for WordPress versions prior to 2.3.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode due to insufficient input sanitization and output escaping on user-supplied attribute...
PT-2025-1650 · WordPress · Common Ninja
Name of the Vulnerable Software and Affected Versions: Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to stored cross-site scripting due to insufficient input...
PT-2025-1870 · WordPress · Wp Jquery Datatable
Name of the Vulnerable Software and Affected Versions: WP jQuery DataTable plugin for WordPress versions up to, and including, 4.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wp jdt' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-1686 · WordPress · App Embed
Name of the Vulnerable Software and Affected Versions: App Embed plugin for WordPress versions up to and including 2.3.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'appizy'...
PT-2025-4546 · Unknown · Smoothness Slider Shortcode
Name of the Vulnerable Software and Affected Versions: Smoothness Slider Shortcode versions n/a through v1.2.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross-Site Request Forgery. This means an attacker can trick a user into performing unintended...
PT-2025-1590 · WordPress · Fancypost
Name of the Vulnerable Software and Affected Versions: FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress versions up to, and including, 6.0.0 Description: The issue is related to unauthorized access of data due to a missing...
WordPress plugin Tabs Shortcode security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-4549 · Unknown · Mcjh Button Shortcode
Name of the Vulnerable Software and Affected Versions: mcjh button shortcode versions 1.6.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...