CVE-2024-10175 Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wdo_pricing_tables Shortcode
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied...
WordPress Ragic Shortcode Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: Ragic Shortcode; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-11431; Patch priority: Low; CVSS severity: Low (6.5); PSID: 23c8df579fc3; Credits: zakaria; Required privilege...
CVE-2024-9170
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcjproductmeta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-11002
The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template
The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11002
CVE-2024-11002 — InPost Gallery (WordPress). The InPost Gallery plugin is vulnerable up to version 2.1.4.2 to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action. The issue arises from not properly validating a value before executing do_shortcode, enabling authenticated user...
WordPress Paid Membership Subscriptions plugin <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Paid Member Subscriptions versions <= 2.13.0...
WordPress WOOCS – WooCommerce Currency Switcher plugin <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin FOX versions <= 1.4.2.2...
PT-2024-16820 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue is related to Reflected Cross-Site Scripting in multiple WordPress plugins due to insufficient input sanitization and output escaping in the cminds free guide shortcode...
WordPress plugin InPost Gallery code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
PT-2024-16694 · WordPress · Inpost Gallery
Name of the Vulnerable Software and Affected Versions: InPost Gallery plugin for WordPress versions up to, and including, 2.1.4.2. Description: The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software not properly validatin...
PT-2024-16772 · WordPress · Bne Gallery Extended
Name of the Vulnerable Software and Affected Versions: BNE Gallery Extended plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-39468 · WordPress · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wcj product meta shortcode due to insufficient input sanitization and output...
WordPress BNE Gallery Extended plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin BNE Gallery Extended versions <= 1.2.1...
WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sp*tify Play Button for WordPress versions <= 2.11...
WordPress InPost Gallery plugin <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template vulnerability
Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin InPost Gallery versions <= 2.1.4.2...
WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions <= 1.2.5...