WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpsaiosnapchat Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Click to Chat – WP Support All-in-One Floating Widget versions = 2.3.3...

CVE-2024-10055

The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaiosnapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-9703

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10014

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

WordPress Arconix Shortcodes plugin <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.12...

WordPress Simple Code Insert Shortcode Plugin <= 1.0 is vulnerable to SQL Injection

Software Simple Code Insert Shortcode Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49613 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID df05b471af58 Credits João Pedro S Alcântara Kinorth Required...

PT-2024-39910 · WordPress · T(-) Countdown

Name of the Vulnerable Software and Affected Versions: T- Countdown plugin for WordPress versions up to, and including, 2.4.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the tminus shortcode, allowing authenticated attacker...

PT-2024-39770 · WordPress · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.12 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input...

WordPress Flat UI Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via flatbtn Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Flat UI Button versions 1.0...

CVE-2024-48022

The CVE-2024-48022 entry concerns a Stored XSS in the WordPress plugin Shortcode For Elementor Templates (

CVE-2024-9898

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-9898 Parallax Image <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Parallax Image plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via dd-parallax Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Parallax Image versions = 1.8...

WordPress plugin Shortcode For Elementor Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-9061

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

CVE-2024-9061

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

Exploit for Code Injection in Themehunk Wp_Popup_Builder

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lea...

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

CVE-2024-9061

The CVE CVE-2024-9061 affects the WordPress plugin WP Popup Builder – Popup Forms and Marketing Lead Generation. It allows unauthenticated users to perform arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to 1.3.5, due to inadequate validation ...