PT-2024-16984 · WordPress · Stars Testimonials
Name of the Vulnerable Software and Affected Versions: Stars Testimonials plugin for WordPress versions up to, and including, 3.3.3 Description: The Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion via the stars-testimonials-with-slider-and-masonry-grid shortcode. Thi...
PT-2024-16536 · WordPress · Anywhere Elementor
Name of the Vulnerable Software and Affected Versions: AnyWhere Elementor plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from private or draft posts created by Elementor that...
WordPress Contact Form Builder plugin <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form Builder by vcita versions <= 4.10.4...
CVE-2024-11897
The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-10952
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-10952
CVE-2024-10952 affects the WordPress Authors List plugin (versions up to 2.0.4). The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes via update_authors_list_ajax, because the action does not validate the value before running do_shortcode. Impact is unauthenticated s...
CVE-2024-10952 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin Listdom cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
PT-2024-17336 · WordPress · Wp Cards
Name of the Vulnerable Software and Affected Versions: WP eCards plugin for WordPress versions up to, and including, 1.3.904 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17227 · WordPress · Responsive Video
Name of the Vulnerable Software and Affected Versions: Responsive Videos plugin for WordPress versions up to, and including, 2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17295 · WordPress · Listdom
Name of the Vulnerable Software and Affected Versions: Listdom – Business Directory and Classified Ads Listings WordPress Plugin versions up to, and including, 3.7.0 Description: The issue is related to Stored Cross-Site Scripting via the shortcode parameter due to insufficient input sanitization...
PT-2024-16619 · WordPress · Searchiq
Name of the Vulnerable Software and Affected Versions: SearchIQ – The Search Solution plugin for WordPress versions up to, and including, 4.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'siq searchbox' shortcode due to insufficient input sanitization and outp...
WordPress Listdom plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Listdom versions <= 3.7.0...
WordPress Authors List plugin <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax vulnerability
Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Authors List versions <= 2.0.4...
CVE-2024-12062
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharityelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...
CVE-2024-12062
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.3 via the 'nacharityelementortemplate' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers...
CVE-2024-11898
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...
PT-2024-17331 · WordPress · Scratch & Win – Giveaways/Contests
Name of the Vulnerable Software and Affected Versions: Scratch & Win – Giveaways and Contests plugin for WordPress versions up to and including 2.6.9 Description: The issue concerns a stored cross-site scripting vulnerability due to insufficient input sanitization and output escaping on...
CVE-2024-53736
Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars (custom-shortcode-sidebars) allows Stored XSS. This issue affects Custom Shortcode Sidebars: from n/a through <= 1.2...