Simple Membership < 4.4.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3734

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...

CVE-2024-3554

The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on...

CVE-2024-3340

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-1797

The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wpulikecounter' and 'wpulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied paramete...

CVE-2024-1572

The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapperclass' attribute. This makes it possible for...

CVE-2023-7030

The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...

CVE-2024-3734 FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...

CVE-2024-3734 FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...

CVE-2024-1897 Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode

The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awlggsettings meta value. This makes it possible for authenticated attackers, with...

CVE-2024-3957 Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3957 Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

CVE-2024-3957

Booster for WooCommerce (CVE-2024-3957) allows unauthenticated arbitrary shortcode execution in versions up to 7.1.8. Wordfence notes the issue as a patched vulnerability, with CVSS v3.1 base score 7.3 (HIGH) and no user interaction required. Connected documents confirm the affected software and ...

CVE-2024-1896 Photo Gallery <= 1.4.2 - Authenticated(Contributor+) PHP Object Injection via Shortcode

The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.2 via deserialization via shortcode of untrusted input from the 'awllgsettings'...

CVE-2024-1896

CVE-2024-1896 affects the WordPress plugin Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery. It allows PHP Object Injection via deserialization of untrusted input in the shortcode attribute awl_lg_settings_ for versions up to 1.4.1. An auth...

WordPress Follow Us Badges plugin <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpsitefollowusbadges Shortcode vulnerability discovered by Lucio Sá in WordPress Plugin Follow Us Badges versions = 3.1.10...

WordPress WP Recipe Maker plugin <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode vulnerability discovered by stealthcopter in WordPress Plugin WP Recipe Maker versions = 9.3.1...

WordPress plugin Grid Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...