CVE-2024-10640

CVE-2024-10640 concerns the FOX – Currency Switcher Professional for WooCommerce (WordPress) plugin. It allows unauthenticated users to trigger arbitrary shortcode execution because the value passed to do_shortcode is not properly validated. Affected versions are up to and including 1.4.2.2; the ...

CVE-2024-10640 The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-51625

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through = 1.5...

CVE-2024-51625 WordPress Quran Shortcode plugin <= 1.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through = 1.5...

CVE-2024-51625

CVE-2024-51625 is a WordPress plugin issue in Quran Shortcode (EDC Team) with an SQL injection vulnerability. Connected sources confirm: affected software is Quran Shortcode versions up to 1.5 (and earlier); root cause is improper neutralization of special elements in SQL commands, leading to bli...

CVE-2024-10688

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-10688 Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure

The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-10669

The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

CVE-2024-10770

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-10667 Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure

The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the csb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-10669

CVE-2024-10669 affects the WordPress plugin “Countdown Timer block – Display the event’s date into a timer.” The issue is Information Exposure via the [ctb] shortcode in all versions up to and including 1.2.4, allowing authenticated users with Contributor-level access or higher to retrieve data f...

WordPress plugin Quran Shortcode SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin Display Terms Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

WordPress plugin Reftagger Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin The Paid Membership Subscriptions 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exis...

PT-2024-34753 · Unknown · Seo Themes Display Terms Shortcode

Name of the Vulnerable Software and Affected Versions: SEO Themes Display Terms Shortcode versions 1.0.0 through 1.0.4 Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an...

PT-2024-16142 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.0 Description: The issue is related to arbitrary shortcode execution due to the software...

PT-2024-16426 · WordPress · Fox – Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress versions up to, and including, 1.4.2.2 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value...

WordPress plugin Emoji Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-34751 · Elsner Technologies Pvt. · Emoji Shortcode

Name of the Vulnerable Software and Affected Versions: Elsner Technologies Pvt. Ltd. Emoji Shortcode versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in t...