PT-2024-16034 · WordPress · Simplenews

Name of the Vulnerable Software and Affected Versions: Simple News plugin for WordPress versions up to, and including, 2.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'news' shortcode. This allows authenticated...

PT-2024-16065 · WordPress · Bamazoo – Button Generator

Name of the Vulnerable Software and Affected Versions: Bamazoo – Button Generator plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dgs shortcode. This allows...

PT-2024-16064 · WordPress · Awesome Buttons

Name of the Vulnerable Software and Affected Versions: Awesome buttons plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's btn2 shortcode due to insufficient input sanitization and output escaping on user-suppli...

WordPress Simple News plugin <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via news Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via news Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Simple News versions = 2.8...

CVE-2024-10180

The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions = 1.0.2...

CVE-2024-10050 Elementor Header & Footer Builder <= 1.6.43 - Authenticated (Contributor+) Information Disclosure via Shortcode

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfetemplate shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft...

WordPress Contact Form 7 - Repeatable Fields plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode vulnerability

WordPress Contact Form 7 - Repeatable Fields plugin = 2.0.1 - Authenticated Contributor+ Stored Cross-Site Scripting via fieldgroup Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form 7 - Repeatable Fields versions = 2.0.1...

WordPress Compact WP Audio Player plugin <= 1.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via sc_embed_player Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via scembedplayer Shortcode vulnerability discovered by theviper17y in WordPress Plugin Compact WP Audio Player versions = 1.9.13...

PT-2024-15998 · Elementor · Elementor Header & Footer Builder

Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder plugin for WordPress versions up to, and including, 1.6.43 Description: The issue allows authenticated attackers with Contributor-level access and above to view the contents of Draft, Private, and...

CVE-2024-10189

The Anchor Episodes Index Spotify for Podcasters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchorepisodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This...

PT-2024-16103 · WordPress · The Anchor Episodes Index

Name of the Vulnerable Software and Affected Versions: The Anchor Episodes Index Spotify for Podcasters plugin for WordPress versions up to, and including, 2.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's anchor episodes shortcode due to insufficient input...

CVE-2024-49613

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0...

CVE-2024-49613

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through = 1.0...

CVE-2024-49613

CVE-2024-49613 describes an SQL Injection in the WordPress plugin Simple Code Insert Shortcode (vulnerable:

WordPress plugin Simple Code Insert Shortcode SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVE-2024-9897

The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-39923 · WordPress · Streamweasels Twitch Integration

Name of the Vulnerable Software and Affected Versions: StreamWeasels Twitch Integration plugin for WordPress versions up to, and including, 1.8.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode due to insufficient input sanitization and...

WordPress StreamWeasels Twitch Integration plugin <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-twitch-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin StreamWeasels Twitch Integration versions = 1.8.6...

WordPress Simple Code Insert Shortcode plugin <= 1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Simple Code Insert Shortcode versions = 1.0...