PT-2024-37758 · WordPress · All-In-One Video Gallery

Name of the Vulnerable Software and Affected Versions: All-in-One Video Gallery plugin for WordPress versions up to, and including, 3.7.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Video shortcode, allowing...

WordPress plugin All-in-One Video Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...

WordPress plugin WP Booking Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-37121

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5...

CVE-2024-37121

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5...

CVE-2024-37121 WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5...

CVE-2024-37121

CVE-2024-37121 is a Stored XSS vulnerability in WordPress plugin Shortcode Addons (biplob018 Shortcode Addons) affecting versions up to 3.2.5. The issue is described as Improper Neutralization of Input During Web Page Generation. Public details in connected sources confirm the vulnerability vecto...

CVE-2024-37121 WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5...

PT-2024-27317 · Unknown · Biplob018 Shortcode Addons

Name of the Vulnerable Software and Affected Versions: biplob018 Shortcode Addons versions 3.2.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...

CVE-2024-38679

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Yongki Agustinus Animated Typed JS Shortcode allows Stored XSS.This issue affects Animated Typed JS Shortcode: from n/a through 2.0...

CVE-2024-37960

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS.This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...

CVE-2024-37960

CVE-2024-37960 is a stored XSS in the WordPress plugin CodePen Embedded Pens Shortcode (versions &lt;= 1.0.0). The vulnerability stems from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected: CodePen Embedded Pens Shortcode,

CVE-2024-2337

The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonialsgrid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-28122 · Unknown · Yongki Agustinus Animated Typed Js Shortcode

Name of the Vulnerable Software and Affected Versions: Yongki Agustinus Animated Typed JS Shortcode versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

PT-2024-27866 · Codepen · Codepen Embedded Pens Shortcode

Name of the Vulnerable Software and Affected Versions: CodePen Embedded Pens Shortcode versions 1.0.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions = 1.9...

PT-2024-37275 · WordPress · Zenon Lite

Name of the Vulnerable Software and Affected Versions: Zenon Lite theme for WordPress versions up to, and including, 1.9 Description: The issue arises from insufficient input sanitization and output escaping in the url parameter within the theme's Button shortcode, allowing authenticated attacker...

CVE-2024-5255

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5255

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5254

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...