8962 matches found

Vulnrichment
added 2024/09/24 2:31 a.m. · 12 views

CVE-2024-8623 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Thi...

CVSS 7.3 · AI score 7.6 · EPSS 0.00622
Exploits 0 · References 3
Cvelist
added 2024/09/24 2:31 a.m. · 29 views

CVE-2024-8623 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Thi...

CVSS 7.3 · EPSS 0.00622
Exploits 0 · References 3
CVE
added 2024/09/24 2:31 a.m. · 46 views

CVE-2024-8623

CVE-2024-8623 relates to the MDTF – Meta Data and Taxonomies Filter WordPress plugin. It affects versions up to and including 1.3.3.3, where improper validation allows unauthenticated users to trigger do_shortcode and execute arbitrary shortcodes. The vulnerability is due to unvalidated input pas...

CVSS 7.3 · AI score 7.6 · EPSS 0.00622
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/09/24 2:15 a.m. · 1 views

CVE-2024-8657

The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9 · EPSS 0.00377
Exploits 0 · References 3
Patchstack
added 2024/09/24 12:59 a.m. · 2 views

WordPress MDTF plugin <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin MDTF versions <= 1.3.3.3...

CVSS 7.3 · AI score 7.1 · EPSS 0.00622
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/24 12:0 a.m. · 7 views

PT-2024-39047 · WordPress · Special Text Boxes

Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress versions up to and including 6.2.2
Description: The issue is related to arbitrary shortcode execution. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode');, which run...

CVSS 7.3 · AI score 8.2 · EPSS 0.00623
Exploits 0 · References 8
Positive Technologies
added 2024/09/23 12:0 a.m. · 6 views

PT-2024-39142 · WordPress · Mailoptin

Name of the Vulnerable Software and Affected Versions: MailOptin plugin for WordPress versions up to, and including, 1.2.70.3
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode due to insufficient input sanitization and output escaping on...

CVSS 5.4 · AI score 6.1 · EPSS 0.00256
Exploits 0 · References 7
Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-39156 · WordPress · Garden Gnome Package

Name of the Vulnerable Software and Affected Versions: The Garden Gnome Package plugin for WordPress versions up to, and including, 2.2.9
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVSS 6.4 · AI score 6.2 · EPSS 0.00377
Exploits 0 · References 7
Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-39138 · WordPress · Mdtf

Name of the Vulnerable Software and Affected Versions: MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.3
Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not proper...

CVSS 7.3 · AI score 7.8 · EPSS 0.00622
Exploits 0 · References 12
Patchstack
added 2024/09/19 5:43 a.m. · 3 views

WordPress WP Custom Fields Search plugin <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Custom Fields Search versions <= 1.2.35...

CVSS 6.4 · AI score 5.8 · EPSS 0.00345
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/18 12:0 a.m. · 2 views

PT-2024-38970 · WordPress · Wp Custom Fields Search

Name of the Vulnerable Software and Affected Versions: WP Custom Fields Search plugin for WordPress versions up to, and including, 1.2.35
Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.1 · EPSS 0.00345
Exploits 0 · References 9
Patchstack
added 2024/09/16 7:17 a.m. · 2 views

WordPress Simple Spoiler plugin <= 1.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Spoiler versions <= 1.3...

CVSS 7.3 · AI score 7.1 · EPSS 0.00565
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/09/16 7:12 a.m. · 3 views

WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin FOX versions <= 1.4.2.1...

CVSS 7.3 · AI score 7.1 · EPSS 0.00737
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/09/14 4:15 a.m. · 8 views

CVE-2024-8479

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS 7.3 · EPSS 0.00565
Exploits 0 · References 3
OSV
added 2024/09/14 4:15 a.m. · 2 views

CVE-2024-8479

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS 7.3 · AI score 6.1 · EPSS 0.00565
Exploits 0 · References 3
Vulnrichment
added 2024/09/14 3:19 a.m. · 10 views

CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS 7.3 · AI score 7.5 · EPSS 0.00565
Exploits 0 · References 3
Cvelist
added 2024/09/14 3:19 a.m. · 17 views

CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS 7.3 · EPSS 0.00565
Exploits 0 · References 3
NVD
added 2024/09/14 3:15 a.m. · 22 views

CVE-2024-8271

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00737
Exploits 0 · References 3
OSV
added 2024/09/14 3:15 a.m. · 4 views

CVE-2024-8271

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · AI score 6.1 · EPSS 0.00737
Exploits 0 · References 3
Cvelist
added 2024/09/14 2:4 a.m. · 34 views

CVE-2024-8271 FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 · EPSS 0.00737
Exploits 0 · References 3