8962 matches found
Cross site scripting
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
Cross site scripting
The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4289 WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-4289 WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-4289
Summary (CVE-2023-4289) : The WP Matterport Shortcode WordPress plugin prior to version 2.1.8 fails to validate and escape certain shortcode attributes before output, enabling stored XSS for users with the Contributor role and higher when the shortcode is embedded on a page/post. Affected softwar...
CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4795 Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS
The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used agains...
CVE-2023-4795
CVE-2023-4795 affects the WordPress plugin Testimonial Slider Shortcode (pre-1.1.9). The vulnerability arises from not validating/escaping certain shortcode attributes, enabling Stored XSS where an attacker with at least contributor privileges can target high-privilege users (e.g., admin). CVSSv3...
CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-4290
The CVE-2023-4290 entry affects the WP Matterport Shortcode WordPress plugin prior to version 2.1.7. The underlying issue is a reflected XSS caused by not escaping the PHP_SELF server variable when outputting it in attribute values, enabling an attacker to target high-privilege users such as admi...
CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-45643
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643 WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin = 1.0 versions...
CVE-2023-45643
CVE-2023-45643 : Cross-Site Request Forgery (CSRF) in the WordPress plugin “CPT Shortcode Generator” (≤1.0). Connected sources consistently describe CSRF as the vulnerability, with the exploit requiring no privileges but user interaction in some tiers, and unauthenticated access reported by some ...
WordPress Plugin CPT Shortcode Generator Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Vrm 360 3D Model Viewer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress plugin WP Matterport Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...