
8962 matches found

Positive Technologies
added 2024/12/12 12:0 a.m. · 5 views

PT-2024-17319 · WordPress · Faq/Answers – Create Frequently Asked Questions Area

Name of the Vulnerable Software and Affected Versions: FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress versions up to, and including, 1.1.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'faq' shortcode due to insufficie...

CVSS 6.4 · AI score 6.3 · EPSS 0.00282
Exploits 0 · References 6

Patchstack
added 2024/12/11 11:58 p.m. · 1 views

WordPress Arena.IM – Live Blogging for real-time events plugin <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via arena_embed_amp Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arena.IM – Live Blogging for real-time events versions <= 0.4.1...

CVSS 6.4 · AI score 5.8 · EPSS 0.003
Exploits 0 · References 1 · Affected Software 1

SUSE CVE
added 2024/12/11 3:48 a.m. · 1 views

SUSE CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are usin...

CVSS 5.3 · AI score 6.6 · EPSS 0.00563
Exploits 0 · References 4

NVD
added 2024/12/10 11:15 a.m. · 10 views

CVE-2024-10959

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVSS 7.3 · EPSS 0.00554
Exploits 0 · References 4

Cvelist
added 2024/12/10 11:9 a.m. · 18 views

CVE-2024-10959 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVSS 7.3 · EPSS 0.00554
Exploits 0 · References 4

Vulnrichment
added 2024/12/10 11:9 a.m. · 8 views

CVE-2024-10959 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVSS 7.3 · AI score 7.9 · EPSS 0.00554
Exploits 0 · References 4

CVE
added 2024/12/10 11:9 a.m. · 47 views

CVE-2024-10959

CVE-2024-10959 details (Wordfence/Red Hat source): Affected software is the WordPress plugin Active Products Tables for WooCommerce. Use constructor to create tables. The vulnerability is an unauthenticated arbitrary shortcode execution via the woot_get_smth AJAX action, caused by executing do_s...

CVSS 7.3 · AI score 7.7 · EPSS 0.00554
Exploits 0 · References 4

Patchstack
added 2024/12/09 10:55 p.m. · 2 views

WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth vulnerability

Unauthenticated Arbitrary Shortcode Execution via woot_get_smth vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Active Products Tables for WooCommerce versions <= 1.0.6.5...

CVSS 7.3 · AI score 7.1 · EPSS 0.00554
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/12/09 1:15 p.m. · 17 views

CVE-2024-54255

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing. This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2...

CVSS 4.7 · EPSS 0.00391
Exploits 0 · References 1

CVE
added 2024/12/09 11:32 a.m. · 52 views

CVE-2024-54255

CVE-2024-54255 — Open Redirect in WordPress Login Widget With Shortcode (Login Widget With Shortcode plugin)

CVSS 4.7 · AI score 7.2 · EPSS 0.00391
Exploits 0 · References 1

Positive Technologies
added 2024/12/09 12:0 a.m. · 5 views

PT-2024-36135 · Unknown · Login Widget With Shortcode

Name of the Vulnerable Software and Affected Versions: Login Widget With Shortcode versions n/a through 6.1.2
Description: The issue is an Open Redirect vulnerability that allows phishing attacks. This vulnerability exists in the Login Widget With Shortcode and can be exploited to redirect users ...

CVSS 4.7 · AI score 7 · EPSS 0.00391
Exploits 0 · References 5

CNNVD
added 2024/12/09 12:0 a.m. · 2 views

WordPress plugin Login Widget With Shortcode input validation error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...

CVSS 4.7 · AI score 8.3 · EPSS 0.00391
Exploits 0 · References 1

NVD
added 2024/12/07 12:15 p.m. · 17 views

CVE-2024-11380

The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 · EPSS 0.00228
Exploits 0 · References 2

Positive Technologies
added 2024/12/07 12:0 a.m. · 3 views

PT-2024-16947 · WordPress · Mini Program Api

Name of the Vulnerable Software and Affected Versions: Mini Program API plugin for WordPress versions up to, and including, 1.4.5
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.3 · EPSS 0.00228
Exploits 0 · References 7

Positive Technologies
added 2024/12/07 12:0 a.m. · 2 views

PT-2024-17337 · WordPress · 코드엠샵 소셜톡

Name of the Vulnerable Software and Affected Versions: 코드엠샵 소셜톡 plugin for WordPress version 1.2.0 and earlier
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'msntt add plus talk' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 6.2 · EPSS 0.00249
Exploits 0 · References 7

Positive Technologies
added 2024/12/07 12:0 a.m. · 2 views

PT-2024-17003 · WordPress · Zooom

Name of the Vulnerable Software and Affected Versions: Zooom plugin for WordPress versions up to, and including, 1.1.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 6.2 · EPSS 0.00311
Exploits 0 · References 8

Patchstack
added 2024/12/06 9:58 p.m. · 3 views

WordPress ARMember plugin <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin ARMember versions <= 4.0.51...

CVSS 6.3 · AI score 7.1 · EPSS 0.00358
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/12/06 10:15 a.m. · 10 views

CVE-2024-10909

The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 6.3 · EPSS 0.00439
Exploits 0 · References 4

NVD
added 2024/12/06 10:15 a.m. · 11 views

CVE-2024-10681

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVSS 6.3 · EPSS 0.00358
Exploits 0 · References 2

CVE
added 2024/12/06 9:23 a.m. · 54 views

CVE-2024-10681

CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...

CVSS 6.3 · AI score 6.5 · EPSS 0.00358
Exploits 0 · References 2