CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...

CVE-2023-6993

The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values...

CVE-2023-6967

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVE-2023-6695

The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...

CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...

CVE-2023-6965 Pods - Custom Content Types and Fields - Missing Authorization

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode...

CVE-2023-6965

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode...

CVE-2023-6967 Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

WordPress Forminator plugin <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via forminatorform Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Forminator versions = 1.29.2...

PT-2024-18638 · WordPress · Passster

Name of the Vulnerable Software and Affected Versions: Passster plugin for WordPress versions up to, and including, 4.2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's content protector shortcode due to insufficient input sanitization and output escaping on...

PT-2024-15053 · WordPress · Beaver Themer

Name of the Vulnerable Software and Affected Versions: Beaver Themer plugin for WordPress versions up to, and including, 1.4.9 Description: The issue allows authenticated attackers with contributor access and above to extract sensitive data, including arbitrary user meta values, via the 'wpbb'...

WordPress Plugin Beaver Themer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-24754 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the bt ...

PT-2024-15170 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue allows authenticated attackers with contributor level access or higher to...

PT-2024-18478 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions up to, and including, 5.3.1.0 Description: The issue is related to blind SQL Injection via the id parameter of the RM Form...

PT-2024-20372 · WordPress · Lightweight Accordion

Name of the Vulnerable Software and Affected Versions: Lightweight Accordion plugin for WordPress versions up to, and including, 1.5.16 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user...

PT-2024-18034 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.5.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in...

PT-2024-22441 · WordPress · The Betterdocs

Name of the Vulnerable Software and Affected Versions: The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg versions up to, and including, 3.4.2 Description: The issue arises from insufficient input sanitization and output...

PT-2024-15882 · WordPress · Watu Quiz

Name of the Vulnerable Software and Affected Versions: Watu Quiz plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode due to insufficient input sanitization and output escaping on...

PT-2024-18400 · WordPress · Easy Property Listings

Name of the Vulnerable Software and Affected Versions: Easy Property Listings plugin for WordPress versions up to, and including, 3.5.2 Description: The issue is related to time-based SQL Injection via the property status shortcode attribute. This is due to insufficient escaping on the...