PT-2024-17255 · WordPress · Financial Calculator
Name of the Vulnerable Software and Affected Versions: Financial Calculator plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's finance calculator shortcode due to insufficient input sanitization and output...
PT-2024-17633 · WordPress · Embed Twine
Name of the Vulnerable Software and Affected Versions: Embed Twine plugin for WordPress versions up to, and including, 0.1.0 Description: The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed twine' shortcode due to insufficient input sanitizati...
PT-2024-16969 · WordPress · Spotlight
Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17631 · WordPress · Nacc Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: NACC WordPress Plugin versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17248 · WordPress · Outdooractive Embed
Name of the Vulnerable Software and Affected Versions: Outdooractive Embed plugin for WordPress version 1.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17256 · WordPress · Sell Tickets Online – Ticketsource Ticket Shop
Name of the Vulnerable Software and Affected Versions: Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin versions up to, and including, 3.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode due to insufficient input...
CVE-2024-11740
The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-11740
The CVE-2024-11740 entry concerns the WordPress Download Manager plugin (versions up to and including 3.3.03). The root cause is improper validation before executing do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes via an action. This results in an unauthenticated ...
CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution
The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
WordPress Download Manager plugin <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Download Manager versions <= 3.3.03...
CVE-2024-12061
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naeventselementortemplate shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, wi...
PT-2024-17598 · WordPress · Video Share Vod – Turnkey Video Site Builder Script
Name of the Vulnerable Software and Affected Versions: Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress versions prior to 2.6.31 Description: The issue is related to Stored Cross-Site Scripting in the plugin's videowhisper player html shortcode due to insufficient input...
PT-2024-16993 · WordPress · Scancircle
Name of the Vulnerable Software and Affected Versions: ScanCircle plugin for WordPress versions up to, and including, 2.9.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's scancircle shortcode. This allows...
PT-2024-17318 · WordPress · Easy Waveform Player
Name of the Vulnerable Software and Affected Versions: Easy Waveform Player plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode due to insufficient input sanitization and output...
WordPress Category Post Shortcode Plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 (Patchstack Alliance) in WordPress Plugin Category Post Shortcode versions <= 2.4...
CVE-2024-54414
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode (geoportail-shortcode) allows Stored XSS. This issue affects Geoportail Shortcode: from n/a through <= 2.4.4...
CVE-2024-54414 WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode (geoportail-shortcode) allows Stored XSS. This issue affects Geoportail Shortcode: from n/a through <= 2.4.4...
CVE-2024-54414
CVE-2024-54414 refers to a Cross-Site Request Forgery to Stored Cross-Site Scripting issue in the WordPress plugin Geoportail Shortcode. Connected records indicate affected versions are up to 2.4.4, with the root cause described as CSRF enabling stored XSS. The Red Hat entry and ENISA/Wordfence aggregat...