8962 matches found

Positive Technologies
added 2024/11/22 12:0 a.m. · 3 views

PT-2024-16981 · WordPress · The Autolisticle

Name of the Vulnerable Software and Affected Versions: The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode due to...

CVSS 6.4 · AI score 8 · EPSS 0.00415
Exploits 0 · References 6

OSV
added 2024/11/21 11:15 a.m. · 2 views

CVE-2024-11388

The Dino Game – Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attribute...

CVSS 5.4 · AI score 7.4 · EPSS 0.0108
Exploits 0 · References 2

NVD
added 2024/11/21 11:15 a.m. · 11 views

CVE-2024-10671

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVSS 6.5 · EPSS 0.00506
Exploits 0 · References 2

OSV
added 2024/11/21 11:15 a.m. · 2 views

CVE-2024-10172

The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's voidwbwhmcselaoutssearch shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVSS 5.4 · AI score 5.9 · EPSS 0.00492
Exploits 0 · References 2

CVE
added 2024/11/21 2:6 a.m. · 41 views

CVE-2024-10696

CVE-2024-10696 affects UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) for WordPress. Versions

CVSS 4.3 · AI score 4.2 · EPSS 0.00484
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/11/21 2:6 a.m. · 49 views

CVE-2024-10696 UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode

The UltraAddons – Elementor Addons Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the showtemplate due to missing validatio...

CVSS 4.3 · EPSS 0.00484
Exploits 0 · References 2

Positive Technologies
added 2024/11/21 12:0 a.m. · 2 views

PT-2024-16442 · WordPress · The Easy Twitter Feed – Twitter Feeds Plugin For Wp

Name of the Vulnerable Software and Affected Versions: The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress version 1.2.6 and earlier Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private,...

CVSS 4.3 · AI score 9.4 · EPSS 0.00435
Exploits 0 · References 5

Patchstack
added 2024/11/20 9:51 p.m. · 4 views

WordPress UltraAddons plugin <= 1.1.8 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability

Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin UltraAddons Elementor Lite versions <= 1.1.8...

CVSS 4.3 · AI score 6.9 · EPSS 0.00484
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/11/20 7:15 a.m. · 2 views

CVE-2024-10899

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 · AI score 7.6
Exploits 0 · References 3

NVD
added 2024/11/20 7:15 a.m. · 20 views

CVE-2024-10899

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 · EPSS 0.00583
Exploits 0 · References 3

Vulnrichment
added 2024/11/20 6:42 a.m. · 8 views

CVE-2024-10899 WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 · AI score 6.9 · EPSS 0.00583
Exploits 0 · References 3

Cvelist
added 2024/11/20 6:42 a.m. · 31 views

CVE-2024-10899 WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it...

CVSS 7.3 · EPSS 0.00583
Exploits 0 · References 3

CVE
added 2024/11/20 6:42 a.m. · 54 views

CVE-2024-10899

CVE-2024-10899 affects WordPress plugin WooCommerce Product Table Lite up to version 3.8.6. It allows unauthenticated attackers to execute arbitrary shortcodes due to unvalidated input before do_shortcode, and the same id parameter is vulnerable to Reflected XSS. The remediation is to upgrade to ...

CVSS 7.3 · AI score 6.9 · EPSS 0.00583
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/11/20 12:0 a.m. · 3 views

PT-2024-16091 · WordPress · Beds24 Online Booking

Name of the Vulnerable Software and Affected Versions: Beds24 Online Booking plugin for WordPress versions up to, and including, 2.0.26 Description: The issue is related to Stored Cross-Site Scripting via the plugin's beds24-link shortcode due to insufficient input sanitization and output escapin...

CVSS 6.4 · AI score 8 · EPSS 0.00563
Exploits 0 · References 3

Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-16995 · WordPress · Grey Owl Lightbox

Name of the Vulnerable Software and Affected Versions: The Grey Owl Lightbox plugin for WordPress versions up to, and including, 1.6.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gol button' shortcode due to insufficient input sanitization and output escapin...

CVSS 6.4 · AI score 8 · EPSS 0.00522
Exploits 0 · References 4

CNNVD
added 2024/11/20 12:0 a.m. · 2 views

WordPress plugin WooCommerce Product Table Lite code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 7.3 · AI score 8.7 · EPSS 0.00583
Exploits 0 · References 3

Positive Technologies
added 2024/11/20 12:0 a.m. · 2 views

PT-2024-16970 · WordPress · Shine Pdf Embeder

Name of the Vulnerable Software and Affected Versions: Shine PDF Embeder plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 8 · EPSS 0.00906
Exploits 0 · References 4

Patchstack
added 2024/11/19 8:4 p.m. · 3 views

WordPress WooCommerce Product Table Lite plugin <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability

Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WooCommerce Product Table Lite versions <= 3.8.6...

CVSS 7.3 · AI score 6.4 · EPSS 0.00583
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/11/19 5:15 p.m. · 10 views

CVE-2024-51898

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sachin8600 Semantic Shortcode semantic-shortcode allows Stored XSS. This issue affects Semantic Shortcode: from n/a through <= 1.0.1...

CVSS 6.5 · EPSS 0.00302
Exploits 0 · References 1

NVD
added 2024/11/19 5:15 p.m. · 5 views

CVE-2024-51890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS. This issue affects Geoportail Shortcode: from n/a through <= 2.4.4...

CVSS 6.5 · EPSS 0.00285
Exploits 0 · References 1