CVE-2023-5663

The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-6825

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

Directory traversal

The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possible for...

CVE-2024-1950 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and...

CVE-2024-1950 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and...

CVE-2024-1951 Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection

The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor...

CVE-2023-6809 Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVE-2024-1409 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...

CVE-2024-1582

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

WordPress Plugin Custom fields shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin WPBakery Page Builder Addons by Livemesh Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WP Go Maps (formerly WP Google Maps) < 9.0.33 - Contributor+ Stored Cross-Site Scripting via Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

PT-2024-15093 · WordPress · Custom Fields Shortcode Plugin

Name of the Vulnerable Software and Affected Versions: Custom fields shortcode plugin for WordPress version 0.1 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied custom post meta values, allowing authenticated attackers with...

PT-2024-18643 · Wpforms +2 · Wpforms +2

Name of the Vulnerable Software and Affected Versions: The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions prior to 1.3.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplie...

PT-2024-18445 · WordPress · The Logo Showcase Ultimate

Name of the Vulnerable Software and Affected Versions: The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress versions up to, and including, 1.3.8 Description: The issue allows authenticated attackers with contributor access and above to inject a PHP Object via...

WordPress Plugin WP Go Maps Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18148 · WordPress · Wp Go Maps

Name of the Vulnerable Software and Affected Versions: WP Go Maps plugin for WordPress versions up to, and including, 9.0.32 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'wpgmza' shortcode, allowing authenticate...

CVE-2024-2031

The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoomrecordingsbymeeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-17731 · WordPress · The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box

Name of the Vulnerable Software and Affected Versions: The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress versions up to, and including, 6.5.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

PT-2024-15946 · WordPress · Shariff Wrapper

Name of the Vulnerable Software and Affected Versions: Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode due to insufficient input sanitization and output escaping on...