WordPress plugin AMP Img Shortcode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-34719 · WordPress · Wpza Amp Img Shortcode

Name of the Vulnerable Software and Affected Versions: WPZA AMP Img Shortcode versions 1.0.0 through 1.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attacker...

PT-2024-35194 · Andrew Milo · Postcasa Shortcode

Name of the Vulnerable Software and Affected Versions: Postcasa Shortcode versions 1.0 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This is a DOM-Based XSS vulnerability in the Andrew Milo...

PT-2024-16662 · WordPress · Wp Photo Album Plus

Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus versions prior to 8.8.08.007 WP Photo Album Plus versions prior to 8.8.08.004 Description: The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay...

PT-2024-34716 · Unknown · Ml Responsive Audio Player With Playlist Shortcode

Name of the Vulnerable Software and Affected Versions: ML Responsive Audio player with playlist Shortcode versions 0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

CVE-2024-51610

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SEO Themes Display Terms Shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through 1.0.4...

CVE-2024-51610

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in seothemes Display Terms Shortcode display-terms-shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through = 1.0.4...

CVE-2024-51609

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Elsner Technologies Pvt. Ltd. Emoji Shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through 1.0.0...

CVE-2024-51609

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aakif Kadiwala Emoji Shortcode emoji-shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through = 1.0.0...

CVE-2024-51612

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designerken Reftagger Shortcode reftagger-shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through = 1.1...

CVE-2024-51609 WordPress Emoji Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aakif Kadiwala Emoji Shortcode emoji-shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through = 1.0.0...

CVE-2024-51609 WordPress Emoji Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aakif Kadiwala Emoji Shortcode emoji-shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through = 1.0.0...

CVE-2024-51610

CVE-2024-51610 is a stored XSS in the WordPress plugin Display Terms Shortcode (vulnerable: 1.0.4 and earlier). The issue stems from improper input neutralization during page generation, enabling stored scripts. Public sources identify the affected plugin versions as &lt;= 1.0.4; remediation deta...

CVE-2024-51612

CVE-2024-51612 : Stored XSS in WordPress plugin “Reftagger Shortcode” (versions n/a–1.1) due to improper input neutralization during web page generation. Public docs confirm this vulnerability affects the Reftagger Shortcode plugin up to v1.1; exploitation details are not provided, and no patch/v...

CVE-2024-10640

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10261

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...

CVE-2024-10261 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...

CVE-2024-10261

CVE-2024-10261 affects the Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction WordPress plugin (

CVE-2024-10261 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...

CVE-2024-10640 The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...