Cross site scripting

The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

Favorites < 2.3.3 - Contributor+ Stored Cross-Site Scripting via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins...

Blog-in-Blog <= 1.1.1 - Editor+ Stored Cross-Site Scripting via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page, which could allow users with an editor role or above to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins...

Blog-in-Blog <= 1.1.1 - Editor+ Local File Inclusion via Shortcode

The plugin does not validate a shortcode attribute before using it to include a template file, allowing users with an editor role or above to include arbitrary files readable by the web server, and execute them in case of php files...

PT-2023-15018 · WordPress · Osm Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: OSM WordPress plugin versions through 6.01 Description: The issue concerns the OSM WordPress plugin, where it fails to validate and escape certain shortcode attributes. This could allow users with a role as low as contributor to perform a...

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)

Software Google Map Shortcode Type Plugin Vulnerable versions = 3.1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2899 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c83d68b2188f Credits Lana Codes...

SlideOnline <= 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed once the issue...

Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC Note: The...

PT-2023-19854 · WordPress · The Go Pricing - Wordpress Responsive Pricing Tables

Name of the Vulnerable Software and Affected Versions: The Go Pricing - WordPress Responsive Pricing Tables plugin versions up to, and including, 3.3.19 Description: The issue allows authenticated attackers with subscriber-level permissions and above to inject a PHP Object via deserialization of...

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making it one of the mos...

WordPress 6.0.x < 6.0.5 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

WordPress 5.9.x < 5.9.7 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

WordPress 6.1.x < 6.1.3 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The plugin requires WPBakery Page...

WordPress 6.2.x < 6.2.2 Shortcode Execution

According to its self-reported version number, the detected WordPress application is affected by a shortcode execution in user generated content. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

W3 Eden Download Manager 3.2.70 Cross Site Scripting

W3 Eden recently patched an Authenticated Stored Cross-Site Scripting vulnerability in Download Manager. On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download...

CVE-2023-2735

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-2735

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ghform' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

WordPress 6.2.x < 6.2.1 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A directory traversal via wplang. CVE-2023-2745 - A Cross-Site Request Forgery CSRF via wpajaxsetattachmentthumbnail. - An authenticated stored Cross-Site Scripting XSS vi...