CVE-2023-0537 Product Slider For WooCommerce Lite <= 1.1.7 - Contributor+ Stored XSS
The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0542 Custom Post Type List Shortcode <= 1.4.4 - Contributor+ Stored XSS
The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site...
PT-2023-16342 · WordPress · Wp-D3
Name of the Vulnerable Software and Affected Versions: Wp-D3 WordPress plugin versions prior to 2.4.2 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the lack of validation and escaping of some shortcode attributes...
WordPress plugin Post Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress plugin Custom Post Type List Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2023-16125 · WordPress · The Ultimate Carousel For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: The Ultimate Carousel For WPBakery Page Builder WordPress plugin versions through 2.6 Description: The issue concerns the failure to validate and escape certain shortcode attributes, which could allow users with the contributor role and above...
PT-2023-16126 · WordPress · Mega Addons For Wpbakery Page Builder
Name of the Vulnerable Software and Affected Versions: Mega Addons For WPBakery Page Builder WordPress plugin versions prior to 4.3.0 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to...
PT-2023-16343 · WordPress · Product Slider For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Product Slider For WooCommerce Lite WordPress plugin versions 1.1.7 and earlier Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page/post where...
PT-2023-16332 · WordPress · The Post Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Shortcode WordPress plugin versions 2.0.9 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...
PT-2023-17329 · WordPress · Wp Popups
Name of the Vulnerable Software and Affected Versions: WP Popups WordPress plugin versions prior to 2.1.5.1 Description: The issue arises from insufficient escaping of the href attribute in the spu-facebook-page shortcode, potentially allowing Stored Cross-Site Scripting attacks by users with the...
PT-2023-16515 · WordPress · Avirato Hotels Online Booking Engine
Name of the Vulnerable Software and Affected Versions: Avirato hotels online booking engine WordPress plugin versions 5.0.5 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which are then used in SQL statements. This could allow...
CVE-2023-25786
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions...
CVE-2023-25786 WordPress Eyes Only: User Access Shortcode Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions...
CVE-2023-25786
The CVE-2023-25786 issue affects the WordPress plugin Eyes Only: User Access Shortcode (Thom Stark Eyes Only) version 1.8.2 and earlier. The root cause is a Stored Cross-Site Scripting (XSS) vulnerability that requires admin+ privileges to exploit, with an impact limited to confidentiality and in...
WordPress plugin Eyes Only: User Access Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. osmmap mapborder='3px solid black;background:red;width:100px;height:100px;" onmouseover="alert1"'...
PT-2023-20302 · WordPress · Thom Stark Eyes Only: User Access Shortcode
Name of the Vulnerable Software and Affected Versions: Thom Stark Eyes Only: User Access Shortcode plugin versions 1.8.2 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects...