
8962 matches found

Positive Technologies
added 2024/08/12 12:0 a.m. · 4 views

PT-2024-37768 · WordPress · Mdx Theme

Name of the Vulnerable Software and Affected Versions: MDx theme for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mdx list item' shortcode due to insufficient input sanitization and output escaping on user-suppli...

6.4 CVSS · 5.8 AI score · 0.00379 EPSS
Exploits 0 · References 12

Patchstack
added 2024/08/06 3:6 a.m. · 4 views

WordPress Cooked Plugin <= 1.8.0 - Authenticated (Subscriber+) Persistent Cross-Site Scripting via Shortcode vulnerability

Authenticated (Subscriber+) Persistent Cross-Site Scripting via Shortcode vulnerability discovered by re-alter in WordPress Plugin Cooked versions <= 1.8.0...

5.4 CVSS · 6.4 AI score · 0.00359 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2024/08/05 8:12 p.m. · 14 views

CVE-2024-41816 WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘cooked-timer’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticate...

5.4 CVSS · 5.2 AI score · 0.00359 EPSS
Exploits 1 · References 2

Patchstack
added 2024/08/05 12:31 p.m. · 3 views

WordPress Horizontal scrolling announcements plugin <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated (Contributor+) SQL Injection via Shortcode vulnerability discovered by István Márton in WordPress Plugin Horizontal scrolling announcements versions <= 2.4...

8.8 CVSS · 8.1 AI score · 0.00613 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/08/01 5:15 a.m. · 1 views

CVE-2024-2090

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

6.4 CVSS · 5.9 AI score · 0.0026 EPSS
Exploits 0 · References 2

Cvelist
added 2024/08/01 4:29 a.m. · 27 views

CVE-2024-2090 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery

The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...

6.4 CVSS · 0.0026 EPSS
Exploits 0 · References 2

Patchstack
added 2024/08/01 12:51 a.m. · 3 views

WordPress Remote Content Shortcode plugin <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated (Contributor+) Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Remote Content Shortcode versions <= 1.5...

6.4 CVSS · 7.1 AI score · 0.0026 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/08/01 12:0 a.m. · 3 views

WordPress plugin Remote Content Shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Remote Content...

6.4 CVSS · 6.6 AI score · 0.0026 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/08/01 12:0 a.m. · 4 views

PT-2024-18813 · WordPress · Remote Content Shortcode

Name of the Vulnerable Software and Affected Versions: Remote Content Shortcode plugin for WordPress versions up to, and including, 1.5 Description: The issue allows authenticated attackers with contributor-level access and above to make web requests to arbitrary locations originating from the we...

6.4 CVSS · 6.2 AI score · 0.0026 EPSS
Exploits 0 · References 6

Patchstack
added 2024/07/31 3:20 a.m. · 3 views

WordPress Download Manager plugin <= 3.2.97 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Jack Taylor in WordPress Plugin Download Manager versions <= 3.2.97...

6.4 CVSS · 5.8 AI score · 0.00363 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/07/30 7:15 a.m. · 4 views

CVE-2024-7100

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbbutton shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

5.4 CVSS · 6 AI score · 0.00414 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/07/30 12:0 a.m. · 2 views

PT-2024-38075 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 5.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's bt bb button shortcode due to insufficient input sanitization and output escapin...

6.4 CVSS · 6.2 AI score · 0.00414 EPSS
Exploits 0 · References 8

Patchstack
added 2024/07/29 2:32 a.m. · 2 views

WordPress Master Currency WP plugin <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode vulnerability discovered by Artem Polynko in WordPress Plugin Master Currency WP versions <= 1.1.61...

6.4 CVSS · 5.8 AI score · 0.00267 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/07/27 1:51 a.m. · 17 views

CVE-2024-6634 Master Currency WP <= 1.1.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via Currency Converter Form Shortcode

The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS · 0.00267 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/07/27 12:0 a.m. · 2 views

PT-2024-37763 · WordPress · Master Currency Wp

Name of the Vulnerable Software and Affected Versions: Master Currency WP plugin versions up to, and including, 1.1.61 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the currencyconverterform shortcode. This allows authenticat...

6.4 CVSS · 6.5 AI score · 0.00267 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/07/27 12:0 a.m. · 2 views

PT-2024-37417 · WordPress · Flipbox Builder

Name of the Vulnerable Software and Affected Versions: Flipbox Builder plugin for WordPress versions up to, and including, 1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input in the flipbox...

8.8 CVSS · 7.1 AI score · 0.00623 EPSS
Exploits 0 · References 5

OSV
added 2024/07/24 8:15 a.m. · 3 views

CVE-2024-6930

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4 CVSS · 6 AI score · 0.00305 EPSS
Exploits 0 · References 4

OSV
added 2024/07/24 7:15 a.m. · 3 views

CVE-2024-6629

The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 6 AI score · 0.0031 EPSS
Exploits 0 · References 5

Patchstack
added 2024/07/24 7:2 a.m. · 4 views

WordPress All-in-One Video Gallery plugin <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Video Shortcode vulnerability discovered by Webbernaut in WordPress Plugin All-in-One Video Gallery versions <= 3.7.1...

6.4 CVSS · 5.8 AI score · 0.0031 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/07/24 2:41 a.m. · 3 views

WordPress WP Booking Calendar plugin <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via bookingform Shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Booking Calendar versions <= 10.2.1...

6.4 CVSS · 5.8 AI score · 0.00305 EPSS
Exploits 0 · References 1 · Affected Software 1