8962 matches found

Positive Technologies
added 2023/10/24 12:0 a.m. · 4 views

PT-2023-32294 · WordPress · Live Chat With Facebook Messenger

Name of the Vulnerable Software and Affected Versions: Live Chat with Facebook Messenger plugin for WordPress versions up to, and including, 1.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode due to insufficient input sanitization and outpu...

CVSS: 6.4 · AI score: 5.6 · EPSS: 0.00532
Exploits: 0 · References: 8

Positive Technologies
added 2023/10/24 12:0 a.m. · 2 views

PT-2023-31779 · WordPress · Delete Me

Name of the Vulnerable Software and Affected Versions: Delete Me plugin for WordPress versions up to, and including, 3.0
Description: The issue is related to Stored Cross-Site Scripting via the plugin delete me shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.00445
Exploits: 0 · References: 5

Positive Technologies
added 2023/10/24 12:0 a.m. · 3 views

PT-2023-31682 · WordPress · Advanced Menu Widget

Name of the Vulnerable Software and Affected Versions: Advanced Menu Widget plugin for WordPress versions up to, and including, 0.4.1
Description: The issue is related to Stored Cross-Site Scripting via the 'advMenu' shortcode due to insufficient input sanitization and output escaping on...

CVSS: 6.4 · AI score: 5.5 · EPSS: 0.00352
Exploits: 0 · References: 6

Positive Technologies
added 2023/10/23 12:0 a.m. · 6 views

PT-2023-28939 · WordPress · Litespeed Cache

Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache plugin for WordPress versions up to, and including, 5.6
Description: The issue is related to Stored Cross-Site Scripting via the esi shortcode due to insufficient input sanitization and output escaping on user-supplied...

CVSS: 6.4 · AI score: 6.4 · EPSS: 0.19684
Exploits: 2 · References: 18

OSV
added 2023/10/20 8:15 a.m. · 2 views

CVE-2023-5086

The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVSS: 5.4 · AI score: 6.9 · EPSS: 0.00436
Exploits: 0 · References: 3

OSV
added 2023/10/20 8:15 a.m. · 2 views

CVE-2023-5109

The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpmlmailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 5.4 · AI score: 6.7 · EPSS: 0.00424
Exploits: 1 · References: 2

OSV
added 2023/10/20 8:15 a.m. · 2 views

CVE-2023-5615

The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 5.4 · AI score: 7
Exploits: 0 · References: 2

OSV
added 2023/10/20 8:15 a.m. · 3 views

CVE-2023-5337

The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke...

CVSS: 5.4 · AI score: 6
Exploits: 0 · References: 2

OSV
added 2023/10/20 8:15 a.m. · 1 view

CVE-2023-4961

The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS: 5.4 · AI score: 6.9 · EPSS: 0.00507
Exploits: 1 · References: 3

OSV
added 2023/10/20 8:15 a.m. · 2 views

CVE-2023-4999

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's horizontal-scrolling shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS: 8.8 · AI score: 7.3
Exploits: 0 · References: 2

OSV
added 2023/10/20 8:15 a.m. · 2 views

CVE-2023-4796

The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjwpoption' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with...

CVSS: 4.3 · AI score: 7.3 · EPSS: 0.00585
Exploits: 1 · References: 3

Cvelist
added 2023/10/20 7:29 a.m. · 19 views

CVE-2023-4961 Poptin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS: 6.4 · AI score: 5.8 · EPSS: 0.00507
Exploits: 1 · References: 3

OSV
added 2023/10/20 7:15 a.m. · 6 views

CVE-2023-5200

The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS: 5.4 · AI score: 7 · EPSS: 0.00451
Exploits: 0 · References: 3

OSV
added 2023/10/20 7:15 a.m. · 3 views

CVE-2023-5308

The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS: 5.4 · AI score: 6 · EPSS: 0.0044
Exploits: 0 · References: 3

OSV
added 2023/10/20 7:15 a.m. · 1 view

CVE-2023-4968

The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS: 4.8 · AI score: 6 · EPSS: 0.00449
Exploits: 0 · References: 3

OSV
added 2023/10/20 5:15 a.m. · 2 views

CVE-2023-5613

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS: 5.4 · AI score: 7
Exploits: 0 · References: 3

OSV
added 2023/10/20 5:15 a.m. · 2 views

CVE-2023-5614

The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themeswitchalist' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 5.4 · AI score: 7 · EPSS: 0.00437
Exploits: 0 · References: 3

Vulnrichment
added 2023/10/20 4:30 a.m. · 3 views

CVE-2023-5668 WhatsApp Share Button <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 · AI score: 6.8 · EPSS: 0.00345
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/20 12:0 a.m. · 3 views

PT-2023-32013 · WordPress · Advanced Custom Fields: Extended

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields: Extended plugin for WordPress versions up to, and including, 0.8.9.3
Description: The issue is related to Stored Cross-Site Scripting via the 'acfe form' shortcode due to insufficient input sanitization and output...

CVSS: 6.4 · AI score: 5.6 · EPSS: 0.00446
Exploits: 0 · References: 9

CNNVD
added 2023/10/20 12:0 a.m. · 2 views

WordPress Plugin Booster for WooCommerce Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS: 4.3 · AI score: 6.3 · EPSS: 0.00585
Exploits: 1 · References: 4