
8962 matches found

NVD
added 2024/12/21 6:15 a.m. · 13 views

CVE-2024-11977

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00626
Exploits: 0 · References: 2
Vulnrichment
added 2024/12/21 5:31 a.m. · 7 views

CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · AI score 7.8 · EPSS 0.00626
Exploits: 0 · References: 2
Cvelist
added 2024/12/21 5:31 a.m. · 25 views

CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00626
Exploits: 0 · References: 2
CVE
added 2024/12/21 5:31 a.m. · 64 views

CVE-2024-11977

CVE-2024-11977 concerns the kk Star Ratings – Rate Post & Collect User Feedbacks WordPress plugin. The WordPress plugin is vulnerable to arbitrary shortcode execution in all versions up to and including 5.4.10 due to unvalidated input passed to do_shortcode, enabling unauthenticated attackers to ...

CVSS 7.3 · AI score 7.6 · EPSS 0.00626
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/21 12:0 a.m. · 2 views

PT-2024-17668 · WordPress · Magicpost

Name of the Vulnerable Software and Affected Versions: MagicPost plugin for WordPress versions up to, and including, 1.2.1
Description: The issue is related to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 7.9 · EPSS 0.00325
Exploits: 0 · References: 8
Positive Technologies
added 2024/12/21 12:0 a.m. · 2 views

PT-2024-16813 · WordPress · Multi-Column Tag Map

Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map plugin for WordPress versions up to, and including, 17.0.33
Description: The issue is related to Stored Cross-Site Scripting via the plugin's mctagmap shortcode due to insufficient input sanitization and output escaping o...

CVSS 6.4 · AI score 8 · EPSS 0.00434
Exploits: 0 · References: 10
Positive Technologies
added 2024/12/21 12:0 a.m. · 3 views

PT-2024-17378 · WordPress · Kk Star Ratings

Name of the Vulnerable Software and Affected Versions: The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress versions up to, and including, 5.4.10
Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action...

CVSS 7.3 · AI score 9.7 · EPSS 0.00626
Exploits: 0 · References: 8
Positive Technologies
added 2024/12/21 12:0 a.m. · 3 views

PT-2024-17353 · WordPress · One Click Upsell Funnel For Woocommerce

Name of the Vulnerable Software and Affected Versions: The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress versions up to, and including, 3.4.9
Description: The issue is related to Stored Cross-Site Scripting via the plugin's wps_wocuf_pro_yes shortcode due to insufficient...

CVSS 6.4 · AI score 8 · EPSS 0.00332
Exploits: 0 · References: 8
Patchstack
added 2024/12/20 9:7 p.m. · 3 views

WordPress MagicPost plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin MagicPost – WordPress文章管理功能增强插件 versions <= 1.2.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.00325
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/12/20 8:49 p.m. · 2 views

WordPress Multi-column Tag Map plugin <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Multi-column Tag Map versions <= 17.0.33...

CVSS 6.4 · AI score 5.8 · EPSS 0.00434
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/12/20 8:32 p.m. · 1 views

WordPress One Click Upsell Funnel for WooCommerce plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin One Click Upsell Funnel for WooCommerce versions <= 3.4.9...

CVSS 6.4 · AI score 5.8 · EPSS 0.00332
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/12/20 8:19 p.m. · 2 views

WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions <= 5.4.10...

CVSS 7.3 · AI score 7.1 · EPSS 0.00626
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/12/20 7:58 p.m. · 3 views

WordPress Serious Slider plugin < 1.2.7 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Serious Slider versions < 1.2.7...

CVSS 5.4 · AI score 6 · EPSS 0.00315
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2024/12/20 6:15 a.m. · 2 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00315
Exploits: 1 · References: 1
NVD
added 2024/12/20 6:15 a.m. · 14 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 · EPSS 0.00315
Exploits: 1 · References: 1
Vulnrichment
added 2024/12/20 6:0 a.m. · 11 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.9 · EPSS 0.00315
Exploits: 1 · References: 1
Cvelist
added 2024/12/20 6:0 a.m. · 20 views

CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

EPSS 0.00315
Exploits: 1 · References: 1
Positive Technologies
added 2024/12/20 12:0 a.m. · 2 views

PT-2024-17327 · WordPress · Spoki

Name of the Vulnerable Software and Affected Versions: Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14
Description: The issue is related to Stored Cross-Site Scripting via the plugin's spoki button shortcode due to insufficient input...

CVSS 6.4 · AI score 7.9 · EPSS 0.00379
Exploits: 0 · References: 8
Positive Technologies
added 2024/12/20 12:0 a.m. · 2 views

PT-2024-17249 · WordPress · Particle Background

Name of the Vulnerable Software and Affected Versions: Particle Background plugin for WordPress versions up to, and including, 1.0.2
Description: The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode due to insufficie...

CVSS 6.4 · AI score 7.8 · EPSS 0.00331
Exploits: 0 · References: 8
Positive Technologies
added 2024/12/20 12:0 a.m. · 3 views

PT-2024-17250 · WordPress · Pcrecruiter Extensions

Name of the Vulnerable Software and Affected Versions: PCRecruiter Extensions plugin for WordPress versions up to, and including, 1.4.10
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 7.9 · EPSS 0.00287
Exploits: 0 · References: 7