CVE-2024-12417 Simple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode Execution

The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12417 Simple Link Directory <= 8.4.5 - Unauthenticated Arbitrary Shortcode Execution

The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12417

CVE-2024-12417 concerns the Simple Link Directory plugin for WordPress. The issue is arbitrary shortcode execution in versions up to and including 8.4.0, caused by a lack of proper validation before executing do_shortcode, enabling unauthenticated attackers to run arbitrary shortcodes. The Red Ha...

CVE-2024-12420 WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12421 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting

The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12420

CVE-2024-12420 affects the WordPress plugin WPMobile.App (Android/iOS) and allows unauthenticated users to trigger arbitrary shortcode execution via do_shortcode due to improper value validation. Version coverage includes all up to 11.52. Public details show the issue involves executing shortcode...

CVE-2024-12421

The Coupon Affiliates – Affiliate Plugin for WooCommerce for WordPress is affected by CVE-2024-12421, enabling unauthenticated arbitrary shortcode execution via an unchecked value in do_shortcode (and also Reflected XSS). The Cross-Site Scripting was patched in 5.16.7.1, while the arbitrary short...

CVE-2024-12420 WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12421 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting

The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12574

The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

WordPress Out of the Block: OpenStreetMap plugin <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via ootbquery Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Out of the Block: OpenStreetMap versions = 2.8.3...

CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-12574 SVG Shortcode <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

PT-2024-17588 · WordPress · Wpmobile.App

Name of the Vulnerable Software and Affected Versions: WPMobile.App — Android and iOS Mobile Application plugin for WordPress versions up to, and including, 11.52 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execut...

PT-2024-17606 · WordPress · Property Hive Stamp Duty Calculator

Name of the Vulnerable Software and Affected Versions: Property Hive Stamp Duty Calculator plugin for WordPress versions up to, and including, 1.0.22 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stamp duty calculator scotland' shortcode due to insufficient...

WordPress plugin SVG Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

PT-2024-17243 · WordPress · Newsmanapp

Name of the Vulnerable Software and Affected Versions: NewsmanApp plugin for WordPress versions up to, and including, 2.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'newsman subscribe widget' shortcode due to insufficient input sanitization and output...

PT-2024-17233 · WordPress · Trafft

Name of the Vulnerable Software and Affected Versions: Booking System Trafft plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode due to insufficient input sanitization and output...

PT-2024-17586 · WordPress · Simple Link Directory

Name of the Vulnerable Software and Affected Versions: Simple Link Directory plugin for WordPress versions up to, and including, 8.4.0 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before running do shortcode, making it...

PT-2024-17661 · WordPress · Svg Shortcode

Name of the Vulnerable Software and Affected Versions: SVG Shortcode plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...