CVE-2023-5048

The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ContactFormBuilder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for...

CVE-2023-5234

The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5128

The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

CVE-2023-2448

CVE-2023-2448 concerns the WordPress UserPro plugin. Affected versions are up to and including 5.1.4, where a missing capability check in the function userpro_shortcode_template allows unauthenticated attackers to perform arbitrary shortcode execution and unauthorized data access. The incident is...

CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

WordPress Plugin UserPro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-19620 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to and including 5.1.1 Description: The issue allows authenticated attackers with subscriber-level permissions and above to disclose sensitive user information. This is possible due to insufficient...

WordPress Plugin HTML filter and csv-file search security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2023-32124 · WordPress · Drop Shadow Boxes

Name of the Vulnerable Software and Affected Versions: Drop Shadow Boxes plugin for WordPress versions up to, and including, 1.7.13 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the dropshadowbox shortcode. This allows...

PT-2023-31714 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: HTML filter and csv-file search plugin for WordPress versions up to 2.7 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'csvsearch' shortcode, allowing...

PT-2023-31865 · WordPress · Weather Atlas Widget

Name of the Vulnerable Software and Affected Versions: The Weather Atlas Widget plugin for WordPress versions up to, and including, 1.2.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'shortcode-weather-atlas' shortcode,...

PT-2023-31963 · WordPress · Related Products For Woocommerce

Name of the Vulnerable Software and Affected Versions: Related Products for WooCommerce plugin for WordPress versions up to, and including, 3.3.15 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the woo-related shortcode. This...

PT-2023-32281 · WordPress · Wp Post Columns

Name of the Vulnerable Software and Affected Versions: WP Post Columns plugin for WordPress versions up to, and including, 2.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'column' shortcode due to insufficient input sanitization and output escaping on...

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation

Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...

PT-2023-32248 · WordPress · Garden Gnome Package

Name of the Vulnerable Software and Affected Versions: Garden Gnome Package plugin for WordPress versions up to, and including, 2.2.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode due to insufficient input sanitization and output escaping on...

VulnCheck KEV: CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...