Lucene search

8962 matches found

Positive Technologies
added 2025/01/07 12:0 a.m. · 4 views

PT-2025-1839 · WordPress · Cf7 Wow Styler

Name of the Vulnerable Software and Affected Versions: The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress versions prior to 1.7.1 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value befor...

CVSS 6.5 · AI score 7 · EPSS 0.00449
Exploits: 0 · References: 7
Patchstack
added 2025/01/06 7:10 p.m. · 2 views

WordPress Marketplace Items plugin <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zaim in WordPress Plugin Marketplace Items versions <= 1.5.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.00389
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/01/06 6:39 p.m. · 3 views

WordPress FancyPost plugin <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export vulnerability

Missing Authorization to Authenticated Subscriber+ Shortcode Export vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin FancyPost versions <= 6.0.0...

CVSS 4.3 · AI score 7 · EPSS 0.00257
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/01/06 6:18 p.m. · 1 views

WordPress Social Rocket plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Social Rocket versions <= 1.3.4...

CVSS 6.4 · AI score 5.8 · EPSS 0.003
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/01/06 5:5 p.m. · 3 views

WordPress CF7 WOW Styler plugin <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin CF7 WOW Styler versions <= 1.7.1...

CVSS 6.5 · AI score 6.5 · EPSS 0.00449
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2025/01/04 9:15 a.m. · 1 views

CVE-2024-11930

The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 5.4 · AI score 5.9 · EPSS 0.00302
Exploits: 0 · References: 4
Positive Technologies
added 2025/01/04 12:0 a.m. · 5 views

PT-2025-1717 · WordPress · The Taskbuilder

Name of the Vulnerable Software and Affected Versions: The Taskbuilder – WordPress Project & Task Management plugin versions up to, and including, 3.0.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode due to insufficient input sanitization an...

CVSS 6.4 · AI score 7.9 · EPSS 0.00302
Exploits: 0 · References: 10
NVD
added 2025/01/03 11:15 p.m. · 9 views

CVE-2024-11733

The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possib...

CVSS 7.3 · EPSS 0.00495
Exploits: 0 · References: 2
Patchstack
added 2025/01/03 10:32 p.m. · 7 views

WordPress Taskbuilder plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wppm_tasks Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Taskbuilder versions <= 3.0.6...

CVSS 6.4 · AI score 5.8 · EPSS 0.00302
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/01/03 10:22 p.m. · 7 views

CVE-2024-11733 WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution

The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possib...

CVSS 7.3 · AI score 7.6 · EPSS 0.00495
Exploits: 0 · References: 2
CVE
added 2025/01/03 10:22 p.m. · 60 views

CVE-2024-11733

CVE-2024-11733 concerns WordPress Popular Posts for WordPress. Affected: all versions up to and including 7.1.0. Root cause: unvalidated value is passed to do_shortcode, allowing an attacker to trigger shortcode execution. Impact: unauthenticated attackers can execute arbitrary shortcodes, enabli...

CVSS 7.3 · AI score 7.4 · EPSS 0.00495
Exploits: 0 · References: 2
Cvelist
added 2025/01/03 10:22 p.m. · 17 views

CVE-2024-11733 WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution

The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possib...

CVSS 7.3 · EPSS 0.00495
Exploits: 0 · References: 2
Patchstack
added 2025/01/03 6:4 p.m. · 3 views

WordPress Popular Posts plugin <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Popular Posts versions <= 7.1.0...

CVSS 7.3 · AI score 7.1 · EPSS 0.00495
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2025/01/01 12:15 a.m. · 8 views

CVE-2024-56021

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS. This issue affects Category Post Shortcode: from n/a through <= 2.4...

CVSS 6.5 · EPSS 0.00234
Exploits: 0 · References: 1
CNNVD
added 2025/01/01 12:0 a.m. · 3 views

WordPress plugin Category Post Shortcode cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVSS 6.5 · AI score 7.4 · EPSS 0.00234
Exploits: 0 · References: 1
Cvelist
added 2024/12/31 11:8 p.m. · 21 views

CVE-2024-56021 WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibnuyahya Category Post Shortcode category-post-shortcode allows Stored XSS. This issue affects Category Post Shortcode: from n/a through <= 2.4...

CVSS 6.5 · EPSS 0.00234
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/31 11:8 p.m. · 7 views

CVE-2024-56021 WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ibnuyahya Category Post Shortcode allows Stored XSS. This issue affects Category Post Shortcode: from n/a through 2.4...

CVSS 6.5 · AI score 7 · EPSS 0.00234
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/31 12:0 a.m. · 2 views

PT-2024-36672 · Unknown · Ibnuyahya Category Post Shortcode

Name of the Vulnerable Software and Affected Versions: ibnuyahya Category Post Shortcode versions 2.4 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the ibnuyahya...

CVSS 6.5 · AI score 8.8 · EPSS 0.00234
Exploits: 0 · References: 5
Patchstack
added 2024/12/30 6:25 a.m. · 3 views

WordPress Ninja Forms plugin <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Ninja Forms versions <= 3.8.22...

CVSS 6.3 · AI score 7.1 · EPSS 0.0047
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/12/29 6:15 a.m. · 3 views

CVE-2024-12238

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVSS 6.3 · AI score 7.6 · EPSS 0.0047
Exploits: 0 · References: 2