PT-2024-37656 · WordPress · Sip Reviews Shortcode
Name of the Vulnerable Software and Affected Versions: SIP Reviews Shortcode for WooCommerce plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Stored Cross-Site Scripting via the no of reviews attribute in the "woocommerce reviews" shortcode. This is d...
WordPress plugin SIP Reviews Shortcode for WooCommerce SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin SIP Reviews Shortcode for WooCommerce SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
WordPress Quran Shortcode Plugin <= 1.5 is vulnerable to SQL Injection
Software: Quran Shortcode; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-51625; Patch priority: Low; CVSS severity: Low 8.5; PSID: c3f04d230d13; Credits: LVT-tholv2k; Required privilege: Contributor; Published ...
WordPress Reftagger Shortcode Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Reftagger Shortcode; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51612; Patch priority: Low; CVSS severity: Low 6.5; PSID: 461153da6fea; Credits: SOPROBRO; Required privilege: Contributo...
WordPress WP Simple Anchors Links plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wpanchor Shortcode vulnerability discovered by theviper17y in WordPress Plugin WP Simple Anchors Links versions <= 1.0.0...
CVE-2024-8444
The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross-site scripting...
CVE-2024-10108 WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-10223
CVE-2024-10223 affects the WP Team – WordPress Team Member Plugin up to version 1.1.4. The vulnerability is a Stored Cross-Site Scripting (XSS) via the htteamember shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. It requires authenticated access at...
CVE-2024-8444
CVE-2024-8444 concerns the WordPress Download Manager plugin prior to version 3.3.00. The vulnerability arises because certain shortcode parameters aren’t properly sanitized, enabling a cross-site scripting (XSS) issue. Affected product: Download Manager WordPress plugin (versions
CVE-2024-8627
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-9846
The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-9846 Enable Shortcodes inside Widgets,Comments and Experts <= 1.0.0 - Unauthenticated Arbitrary Shortcode Execution
The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-9846
CVE-2024-9846: Enable Shortcodes inside Widgets,Comments and Experts (WordPress) Affected: WordPress plugin Enable Shortcodes inside Widgets,Comments and Experts (
PT-2024-39639 · WordPress · Wp Simple Anchors Links
Name of the Vulnerable Software and Affected Versions: WP Simple Anchors Links plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpanchor shortcode due to insufficient input sanitization and output escaping ...
PT-2024-39912 · WordPress · Wp Baidu Map
Name of the Vulnerable Software and Affected Versions: WP Baidu Map plugin for WordPress versions up to, and including, 1.2.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the baidu map shortcode. This allows authenticated...
PT-2024-16124 · WordPress · Wp Team – Wordpress Team Member Plugin
Name of the Vulnerable Software and Affected Versions: WP Team – WordPress Team Member Plugin versions up to, and including, 1.1.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's htteamember shortcode due to insufficient input sanitization and output escaping on...
PT-2024-39017 · WordPress · Download Manager
Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.3.00 Description: The issue is related to the Download Manager WordPress plugin, where some shortcode parameters are not properly sanitized, leading to cross-site scripting. Recommendation...
WordPress plugin Widget or Sidebar Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...