PT-2024-28534 · Woocommerce · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Booster for WooCommerce plugin versions up to, and including, 7.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depend on what other plugins are...

PT-2024-28469 · Unknown · The Post Grid – Shortcode

Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with subscriber access or higher to modify the plugin's settings a...

PT-2024-27133 · WordPress · Leaflet Maps Marker

Name of the Vulnerable Software and Affected Versions: Leaflet Maps Marker plugin for WordPress versions up to, and including, 3.12.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes, such as...

PT-2024-15183 · WordPress · Collapse-O-Matic

Name of the Vulnerable Software and Affected Versions: Collapse-O-Matic plugin for WordPress versions up to, and including, 1.8.5.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'expand' shortcode due to insufficient input sanitization and output escaping on th...

PT-2024-27485 · Woocommerce · Fox – Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: The FOX – Currency Switcher Professional for WooCommerce plugin versions up to, and including, 1.4.1.8 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability of this issue depe...

PT-2024-26241 · WordPress · Wp Recipe Maker

Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.3.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode due to insufficient input sanitization and output...

PT-2024-28758 · WordPress · Wordpress Header Builder Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Header Builder Plugin – Pearl plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stm hb' shortcode due to insufficient input sanitization and...

PT-2024-25232 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.272 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode due to insufficient input sanitization an...

PT-2024-18829 · WordPress · Booster Extension

Name of the Vulnerable Software and Affected Versions: Booster Extension plugin for WordPress version 1.2.0 and earlier Description: The issue allows unauthenticated attackers to extract sensitive data, including user emails, via the booster extension authorbox shortcode display function...

PT-2024-24873 · WordPress · Follow Us Badges

Name of the Vulnerable Software and Affected Versions: Follow Us Badges plugin for WordPress versions up to, and including, 3.1.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpsite follow us badges shortcode due to insufficient input sanitization and output...

WordPress Booster for WooCommerce plugin <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Booster for WooCommerce versions = 7.1.8...

Booster for WooCommerce < 7.1.9 - Unauthenticated Arbitrary Shortcode Execution

Description The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed...

Follow Us Badges < 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode

Description The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsitefollowusbadges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress WordPress Header Builder Plugin – Pearl plugin <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Pearl versions = 1.3.6...

WordPress Booster Extension plugin <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display vulnerability

Basic Information Exposure via boosterextensionauthorboxshortcodedisplay vulnerability discovered by Krzysztof Zając in WordPress Plugin Booster Extension versions = 1.2.0...

CVE-2024-1895

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

CVE-2024-1895 Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

WordPress Grid Gallery – Photo Image Grid Gallery plugin <= 1.4.3 - Authenticated (Contributor+) PHP Object Injection via shortcode vulnerability

Authenticated Contributor+ PHP Object Injection via shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Grid Gallery versions = 1.4.3...

WordPress Inline Google Spreadsheet Viewer plugin <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Inline Google Spreadsheet Viewer versions = 0.13.2...

WordPress Calendar plugin <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Calendar versions = 1.3.14...