CVE-2024-5444

The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2024-36330 · WordPress · Bible Text Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Bible Text WordPress plugin versions 0.2 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perfo...

WordPress plugin Bible Text security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WPCS versions = 1.2.0.3...

WordPress Animated Typed JS Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Animated Typed JS Shortcode versions = 2.0...

WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jean Tirstan T Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions = 1.0.0...

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sonaaraudioplayer Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.5...

WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via tab Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.8...

WordPress oik plugin <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bwbutton Shortcode vulnerability discovered by Rafshanzani Suhada in WordPress Plugin oik versions = 4.10.3...

WordPress Simple Alert Boxes plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Alert Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Alert Boxes versions = 1.4.0...

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2024-3603

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...

CVE-2024-3603 OSM – OpenStreetMap <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...

CVE-2024-3603

CVE-2024-3603 affects the OSM – OpenStreetMap WordPress plugin. All versions up to 6.0.2 are vulnerable to a Stored XSS via the plugin’s osm_map shortcode due to insufficient input sanitization and output escaping for attributes (e.g., theme). Exploitation requires contributor-level access or hig...

WordPress Webico Slider Flatsome Addons plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wbcimage Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Webico Slider Flatsome Addons versions = 2.0.1...

WordPress Advanced File Manager Shortcode plugin <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by Colin Xu in WordPress Plugin File Manager Advanced Shortcode versions = 2.5.3...

PT-2024-26854 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'osm map' shortcode due to insufficient input sanitization and output escaping on...