CVE-2024-54414 WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode (geoportail-shortcode) allows Stored XSS. This issue affects Geoportail Shortcode: from n/a through <= 2.4.4...
WordPress Tithe.ly Giving Button plugin <= 1.1 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Tithe.ly Giving Button versions <= 1.1...
CVE-2024-11841
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11841
CVE-2024-11841 concerns the Tithe.ly Giving Button WordPress plugin (versions up to 1.1), where shortcode attributes are not properly escaped/validated before output. This can enable Stored Cross-Site Scripting (XSS) attacks when a page or post embeds the shortcode and an attacker with Cont...
CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-17338 · WordPress · Animated Counters
Name of the Vulnerable Software and Affected Versions: Animated Counters plugin for WordPress versions up to, and including, 2.0 Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode due to insufficient inp...
WordPress plugin Tithe.ly Giving Button security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Geoportail Shortcode cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin.... A cross-site request forgery...
CVE-2024-12459 Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for...
CVE-2024-12459
CVE-2024-12459 – WordPress Ganohrs Toggle Shortcode: A stored XSS vulnerability exists in the Ganohrs Toggle Shortcode plugin for WordPress, affecting versions up to 0.2.4. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes used by the plugin’s t...
CVE-2024-12447 Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
PT-2024-17602 · WordPress · Ganohrs Toggle Shortcode
Name of the Vulnerable Software and Affected Versions: Ganohrs Toggle Shortcode plugin for WordPress versions up to, and including, 0.2.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode due to insufficient input sanitization and output escaping...
WordPress plugin Ganohrs Toggle Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-17236 · WordPress · Bukza
Name of the Vulnerable Software and Affected Versions: Bukza plugin for WordPress versions up to, and including, 2.0.0 Description: The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode due to insufficient input sanitization and output...
PT-2024-17313 · WordPress · Cricket Live Score
Name of the Vulnerable Software and Affected Versions: Cricket Live Score plugin for WordPress versions prior to 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cricket score' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17247 · WordPress · Post Carousel & Slider
Name of the Vulnerable Software and Affected Versions: The Post Carousel & Slider plugin for WordPress versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode due to insufficient input sanitization and output...
PT-2024-17231 · WordPress · Tcbd Popover
Name of the Vulnerable Software and Affected Versions: TCBD Popover plugin for WordPress versions prior to 1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image' shortcode due to insufficient input sanitization and output escaping on user-suppli...