WordPress File Manager Advanced Shortcode Plugin <= 2.4 is vulnerable to Directory Traversal

Software File Manager Advanced Shortcode Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2023-7062 Patch priority Low CVSS severity Low 7.7 Developer Claim ownership PSID a83d051bcbb6 Credits Colin Xu Required privilege...

PT-2024-37218 · WordPress · Webico Slider Flatsome Addons

Name of the Vulnerable Software and Affected Versions: Webico Slider Flatsome Addons plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wbc image shortcode due to insufficient input sanitization and output...

PT-2024-37252 · WordPress · Simple Alert Boxes

Name of the Vulnerable Software and Affected Versions: The Simple Alert Boxes plugin for WordPress versions up to, and including, 1.4.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Alert shortcode, allowing...

CVE-2024-37554

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in CodeAstrology Team UltraAddons Elementor Lite Header & Footer Builder, Menu Builder, Cart Icon, Shortcode.This issue affects UltraAddons Elementor Lite Header & Footer Builder, Menu Builder,...

WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability

Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ninja Forms versions = 3.8.4...

WordPress Amelia Shortcode Extended plugin <= 1.6 - Malicious Polyfill.io Embed vulnerability

Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin Amelia Shortcode Extended versions = 1.6...

WordPress Amelia Shortcode Extended Plugin <= 1.6 is vulnerable to Backdoor

Software Amelia Shortcode Extended Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6bcf0ef7322f Credits Sansec.io Required privilege Unauthenticated Published 3...

CVE-2024-5938

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5938 Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress Boot Store theme <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Boot Store versions = 1.6.4...

PT-2024-18037 · Unknown · The Post Grid – Shortcode

Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.7.1 Description: The issue is related to Stored Cross-Site Scripting via the section title tag attribute due to insufficient...

PT-2024-37253 · WordPress · Boot Store

Name of the Vulnerable Software and Affected Versions: The Boot Store theme for WordPress versions up to, and including, 1.6.4 Description: The issue is related to Stored Cross-Site Scripting via the link parameter within the theme's Button shortcode due to insufficient input sanitization and...

WordPress Stock Ticker plugin <= 3.24.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock_ticker Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via stockticker Shortcode vulnerability discovered by Dale Mavers in WordPress Plugin Stock Ticker versions = 3.24.4...

CVE-2024-6363

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stockticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2024-37568 · WordPress · Stock Ticker

Name of the Vulnerable Software and Affected Versions: Stock Ticker plugin for WordPress versions up to, and including, 3.24.4 Description: The issue is related to Stored Cross-Site Scripting via the stock ticker shortcode due to insufficient input sanitization and output escaping on user-supplie...

CVE-2024-5922 Scylla lite <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5922

CVE-2024-5922 affects the Scylla lite WordPress theme. It is a stored XSS vulnerability via the url parameter in the theme’s Button shortcode, affecting all versions up to and including 1.8.3. Exploitation requires authenticated access (Contributor level or higher) and can inject scripts that exe...

CVE-2024-5925 Theron Lite <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-5788

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2024-5788 Silesia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...