8962 matches found
PT-2024-17232 · WordPress · Eveeno
Name of the Vulnerable Software and Affected Versions: Eveeno plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17328 · WordPress · Permalinker
Name of the Vulnerable Software and Affected Versions: The Permalinker plugin for WordPress versions up to, and including, 1.8.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17315 · WordPress · Stripe Donation Plugin
Name of the Vulnerable Software and Affected Versions: Stripe Donation plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stripe donation' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin Get Post Content Shortcode 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-17595 · WordPress · Post To Pdf
Name of the Vulnerable Software and Affected Versions: Post to Pdf plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gmptp single post' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17596 · WordPress · Get Post Content Shortcode
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...
PT-2024-17636 · WordPress · Woocommerce Cart Count Shortcode
Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode plugin for WordPress versions up to, and including, 1.0.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the cart button shortcode. This...
PT-2024-17639 · WordPress · States Map Us
Name of the Vulnerable Software and Affected Versions: The States Map US plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the states...
PT-2024-17310 · WordPress · Glomex Oembed Plugin
Name of the Vulnerable Software and Affected Versions: glomex oEmbed plugin for WordPress versions prior to 0.9.1 Description: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's glomex integration shortcode due to insufficient input sanitization a...
PT-2024-17312 · WordPress · Kredeum Nfts
Name of the Vulnerable Software and Affected Versions: Kredeum NFTs versions up to, and including, 1.6.9 Description: The Kredeum NFTs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum opensky' shortcode due to insufficient input sanitization and output...
PT-2024-17628 · WordPress · Simple Locator
Name of the Vulnerable Software and Affected Versions: The Simple Locator plugin for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on...
WordPress Get Post Content Shortcode plugin <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure via postcontent Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Get Post Content Shortcode versions = 0.4...
WordPress WooCommerce Cart Count Shortcode plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WooCommerce Cart Count Shortcode versions = 1.0.4...
CVE-2024-11012
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11012
CVE-2024-11012 (Notibar – Notification Bar for WordPress) is a vulnerability in the Notibar WordPress plugin where an authenticated user with Subscriber+ privileges can trigger arbitrary shortcode execution through the njt_nofi_text AJAX action. The root cause is lack of proper validation before ...
CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-12421
The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-12417
The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...
CVE-2024-12420
The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...