CVE-2024-7963 CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Shortcode For Elementor Templates plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by ghsinfosec Patchstack Alliance in WordPress Plugin Shortcode For Elementor Templates versions <= 1.0.0...
CVE-2024-9292 Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
PT-2024-39547 · WordPress · The Bridge Core
Name of the Vulnerable Software and Affected Versions: The Bridge Core plugin for WordPress versions up to, and including, 3.2.0 Description: The issue is related to Stored Cross-Site Scripting via the formforall shortcode due to insufficient input sanitization and output escaping on user-supplie...
CVE-2024-9445
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displaymediumposts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9421
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-9421 Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
WordPress Login Logout Shortcode plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability discovered by theviper17y in WordPress Plugin Login Logout Shortcode versions <= 1.1.0...
CVE-2024-8254
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that do...
CVE-2024-8254 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that do...
CVE-2024-8254
CVE-2024-8254 affects the Email Subscribers by Icegram Express for WordPress (
WordPress Email Subscribers by Icegram Express plugin <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions <= 5.7.34...
WordPress Stars Testimonials plugin <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Stars Testimonials versions <= 3.3.1...
PT-2024-39355 · WordPress · Geo Mashup
Name of the Vulnerable Software and Affected Versions: Geo Mashup plugin for WordPress versions up to, and including, 1.13.13 Description: The issue is related to Stored Cross-Site Scripting in the Geo Mashup plugin for WordPress. It occurs due to insufficient input sanitization and output escapi...
PT-2024-38892 · Icegram Express · Email Subscribers
Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress versions up to, and including, 5.7.34 Description: The issue is related to arbitrary shortcode execution due to t...
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8547
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's popup shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Simple Popup cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...