8962 matches found
WordPress Notibar – Notification Bar for WordPress plugin <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution via njtnofitext vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Notibar versions = 2.1.4...
WordPress Coupon Affiliates plugin <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability
Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Coupon Affiliates versions = 5.16.7.1...
WordPress WPMobile.App plugin <= 11.52 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WPMobile.App versions = 11.52...
WordPress Simple Link Directory plugin <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Simple Link Directory versions = 8.4.0...
WordPress SVG Shortcode plugin <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by Pierre Rudloff in WordPress Plugin SVG Shortcode versions = 1.0.1...
WordPress WoodMart plugin <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme WoodMart versions = 8.0.3...
WordPress Geoportail Shortcode plugin <= 2.4.4 - CSRF to Stored Cross-Site Scripting vulnerability
CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Geoportail Shortcode versions = 2.4.4...
CVE-2024-12333
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...
CVE-2024-12333 WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...
CVE-2024-12333 WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...
CVE-2024-12333
CVE-2024-12333 affects the Woodmart WordPress theme. The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes via the woodmart_instagram_ajax_query AJAX action because a value is not properly validated before running do_shortcode. This is a shortcode execution flaw in al...
CVE-2024-11181
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wpreusablerender' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticate...
CVE-2024-11766 WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsbookshowcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output...
CVE-2024-11766
CVE-2024-11766 affects WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more (WordPress GS Books Showcase) up to version 1.3.1. It enables Stored Cross-Site Scripting via the gs_book_showcase shortcode due to insufficient input sanitization/output escaping on use...
CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...
CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...
CVE-2024-11384
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-10910
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category
The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...