CVE-2024-10910
CVE-2024-10910 affects Grid Plus – Unlimited grid layout (WordPress) up to version 1.3.5. The flaw allows unauthenticated attackers to execute arbitrary shortcodes via the grid_plus_load_by_category AJAX action, because a value used by do_shortcode is not properly validated. Status: the vulnerabi...
CVE-2024-11433 Surbma | SalesAutopilot Shortcode <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpreviveasync' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11442 Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability
Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions <= 1.3.5...
WordPress Surbma | SalesAutopilot Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | SalesAutopilot Shortcode versions <= 2.0...
WordPress plugin Grid Plus code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it supports hosting personal blog sites on servers that provide PHP and MySQL. A WordPress plugin is an add-on application for that platform. A code injection...
PT-2024-17415 · WordPress · Carousel Slider & Grid Ultimate
Name of the Vulnerable Software and Affected Versions: Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress versions up to, and including, 1.9.10 Description: The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary...
PT-2024-17212 · WordPress · Kvcore Idx Plugin
Name of the Vulnerable Software and Affected Versions: kvCORE IDX plugin for WordPress versions up to, and including, 2.3.35 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows unauthenticated...
PT-2024-17308 · WordPress · Social Media Shortcodes
Name of the Vulnerable Software and Affected Versions: Social Media Shortcodes plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode due to insufficient input sanitization and output escaping...
PT-2024-17311 · WordPress · Add Infos To The Events Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Add infos to the events calendar plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode due to insufficient input sanitization and output...
PT-2024-16986 · WordPress · Sql Chart Builder
Name of the Vulnerable Software and Affected Versions: SQL Chart Builder plugin for WordPress versions up to, and including, 2.3.6 Description: The issue arises from insufficient escaping on the user-supplied arg1 parameter and lack of sufficient preparation on the existing SQL query in the gvn...
PT-2024-17548 · WordPress · Woodmart
Name of the Vulnerable Software and Affected Versions: Woodmart theme for WordPress versions up to 8.0.3 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action without properly validating a value before...
PT-2024-16637 · WordPress · The Grid Plus
Name of the Vulnerable Software and Affected Versions: The Grid Plus – Unlimited grid layout plugin for WordPress versions up to, and including, 1.3.5 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes via the grid_plus_load_by_category AJAX action. This is...
PT-2024-17604 · WordPress · Wp-Revive Adserver
Name of the Vulnerable Software and Affected Versions: WP-Revive Adserver plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpreviveasync' shortcode due to insufficient input sanitization and output escaping...
PT-2024-17334 · WordPress · Powerbi Embed Reports
Name of the Vulnerable Software and Affected Versions: PowerBI Embed Reports plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'MO API POWER BI' shortcode due to insufficient input sanitization and output...
PT-2024-17238 · WordPress · Currency Converter Widget ⚡ Pro
Name of the Vulnerable Software and Affected Versions: Currency Converter Widget ⚡ PRO plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping on user-suppli...
WordPress plugin WoodMart code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it supports hosting personal blog sites on servers that provide PHP and MySQL. A WordPress plugin is an add-on application for that platform. A code injection...
PT-2024-16996 · WordPress · Horizontal Scroll Image Slideshow
Name of the Vulnerable Software and Affected Versions: Horizontal scroll image slideshow plugin for WordPress versions up to and including 10.1 Description: The issue is related to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes i...