8962 matches found

OSV
added 2024/05/22 12:15 a.m. · 5 views

CVE-2024-3518

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVSS 6.5 · AI score 5.9 · EPSS 0.00531
Exploits 0 · References 3

WPVulnDB
added 2024/05/22 12:0 a.m. · 10 views

WP DSGVO Tools (GDPR) < 3.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description: The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pplink' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 · AI score 5.8 · EPSS 0.00267
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/22 12:0 a.m. · 3 views

PT-2024-32840 · WordPress · Jquery T(-) Countdown Widget

Name of the Vulnerable Software and Affected Versions: jQuery T- Countdown Widget plugin for WordPress versions up to, and including, 2.3.25 Description: The issue is related to Stored Cross-Site Scripting via the plugin's tminus shortcode due to insufficient input sanitization and output escapin...

CVSS 6.4 · AI score 5.9 · EPSS 0.00289
Exploits 0 · References 6

OSV
added 2024/05/21 10:15 a.m. · 3 views

CVE-2024-4553

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This...

CVSS 5.4 · AI score 6 · EPSS 0.00322
Exploits 0 · References 3

OSV
added 2024/05/21 9:15 a.m. · 3 views

CVE-2024-3345

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 3

CVE
added 2024/05/21 8:31 a.m. · 55 views

CVE-2024-3345

CVE-2024-3345 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg (formerly WooLentor). The WordPress ShopLentor plugin is vulnerable to Stored Cross-Site Scripting via the woolentorsearch shortcode due to insufficient input sanitization and output escaping on user-supplied attribu...

CVSS 6.4 · AI score 5.7 · EPSS 0.00357
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/05/21 3:46 a.m. · 6 views

WordPress Page Builder by SiteOrigin plugin <= 2.29.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'siteorigin_widget' Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Page Builder by SiteOrigin versions <= 2.29.15...

CVSS 6.4 · AI score 5.5 · EPSS 0.00357
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/05/21 3:41 a.m. · 4 views

WordPress ShopLentor plugin <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via woolentorsearch Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin ShopLentor versions <= 2.8.8...

CVSS 6.4 · AI score 5.8 · EPSS 0.00357
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/21 12:0 a.m. · 10 views

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVSS 6.4 · AI score 5.8 · EPSS 0.00322
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/21 12:0 a.m. · 9 views

ShopLentor < 2.8.9 - Contributor+ Stored XSS via woolentorsearch Shortcode

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVSS 6.4 · AI score 5.8 · EPSS 0.00357
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/21 12:0 a.m. · 3 views

PT-2024-31684 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'su members' shortcode due to insufficient input sanitization and output escaping ...

CVSS 6.4 · AI score 6 · EPSS 0.00322
Exploits 0 · References 8

Positive Technologies
added 2024/05/21 12:0 a.m. · 3 views

PT-2024-30604 · Siteorigin · The Page Builder By Siteorigin

Name of the Vulnerable Software and Affected Versions: Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.29.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'siteorigin widget' shortcode due to insufficient input sanitization and...

CVSS 6.4 · AI score 6.2 · EPSS 0.00357
Exploits 0 · References 10

Positive Technologies
added 2024/05/21 12:0 a.m. · 2 views

PT-2024-32408 · WordPress · Ubermenu

Name of the Vulnerable Software and Affected Versions: UberMenu plugin for WordPress versions up to, and including, 3.8.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...

CVSS 6.4 · AI score 5.9 · EPSS 0.00267
Exploits 0 · References 4

Positive Technologies
added 2024/05/21 12:0 a.m. · 7 views

PT-2024-31214 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms slide info' shortcode due to insufficient input...

CVSS 6.4 · AI score 6 · EPSS 0.00322
Exploits 0 · References 8

NVD
added 2024/05/18 6:15 a.m. · 40 views

CVE-2024-3812

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVSS 7.5 · AI score 7.8 · EPSS 0.00632
Exploits 0 · References 2

Positive Technologies
added 2024/05/18 12:0 a.m. · 7 views

PT-2024-27890 · WordPress · Salient Core

Name of the Vulnerable Software and Affected Versions: Salient Core plugin for WordPress versions up to, and including, 2.0.7 Description: The Salient Core plugin for WordPress is vulnerable to Local File Inclusion via the nectar icon shortcode icon linea attribute. This allows authenticated...

CVSS 7.5 · AI score 7.7 · EPSS 0.00632
Exploits 0 · References 7

Positive Technologies
added 2024/05/18 12:0 a.m. · 4 views

PT-2024-27329 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.10.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'give form' shortcode when used with a legacy form. This is due to...

CVSS 6.4 · AI score 6 · EPSS 0.00283
Exploits 0 · References 6

NVD
added 2024/05/17 9:15 a.m. · 19 views

CVE-2023-45652

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion. This issue affects Remote Content Shortcode: from n/a through 1.5...

CVSS 6.5 · AI score 6.6 · EPSS 0.00588
Exploits 0 · References 1

Cvelist
added 2024/05/17 8:11 a.m. · 15 views

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVSS 6.5 · AI score 6.9 · EPSS 0.00284
Exploits 0 · References 1

Vulnrichment
added 2024/05/17 8:11 a.m. · 15 views

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVSS 6.5 · AI score 7.1 · EPSS 0.00284
Exploits 0 · References 1