PT-2024-26550 · WordPress · Wp Go Maps
Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions up to, and including, 9.0.36 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's wpgmza shortcode. This allows authenticat...
WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). 1. Go to:...
WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. As a contributor, add a shortcod...
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP DSGVO Tools GDPR versions <= 3.1.32...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions <= 1.9.1...
WordPress PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin <= 1.7 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode versions <= 1.7...
CVE-2024-3201 WP DSGVO Tools (GDPR) <= 3.1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pplink' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-3065
CVE-2024-3065 concerns the PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress. The description states it is vulnerable to Stored Cross-Site Scripting in all versions up to and including 1.7 due to insufficient input sanitization and output escaping. The vulnerabilit...
WP Photo Album Plus < 8.7.00.004 - Unauthenticated Arbitrary Shortcode Execution
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcod...
WordPress plugin WP Ultimate Post Grid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports personal blogs on servers with PHP and MySQL; WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...
PT-2024-31746 · WordPress · Layerslider
Name of the Vulnerable Software and Affected Versions: LayerSlider plugin for WordPress version 7.11.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ls search form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes...
PT-2024-24355 · WordPress · Wp Dsgvo Tools
Name of the Vulnerable Software and Affected Versions: WP DSGVO Tools GDPR plugin for WordPress versions up to, and including, 3.1.32 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'pp link' shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-4261
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-4261 Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-4261
CVE-2024-4261 affects the Responsive Contact Form Builder & Lead Generation Plugin for WordPress, enabling authenticated users with subscriber+ privileges to execute arbitrary shortcodes via improper validation in do_shortcode. The Red Hat entry corroborates the issue and the Wordfence summary no...
CVE-2024-4362
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-3671 Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes it possible for...
WordPress SiteOrigin Widgets Bundle plugin <= 1.60.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability
WordPress SiteOrigin Widgets Bundle plugin <= 1.60.0 - Authenticated Contributor+ Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin SiteOrigin Widgets Bundle versions <= 1.60.0...
WordPress WP Font Awesome Share Icons plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin WP Font Awesome Share Icons versions <= 1.1.1...