8961 matches found

Vulnrichment
added 2023/03/13 4:3 p.m. · 6 views

CVE-2022-4466 WordPress Infinite Scroll - Ajax Load More < 5.6.0.3 - Contributor+ Stored XSS

The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.3 AI score · 0.00478 EPSS
Exploits: 2 · References: 1
CVE
added 2023/03/13 4:3 p.m. · 57 views

CVE-2022-4661

CVE-2022-4661 affects the WordPress plugin Widgets for WooCommerce Products on Elementor (versions before 1.0.8). The issue is lack of validation/escaping of certain shortcode attributes, enabling Stored XSS via shortcodes when the attacker has contributor privileges or higher. The vulnerability ...

5.4 CVSS · 5.3 AI score · 0.00471 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
added 2023/03/13 4:3 p.m. · 20 views

CVE-2022-4661 Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode

The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...

5.6 AI score · 0.00471 EPSS
Exploits: 2 · References: 1
Vulnrichment
added 2023/03/13 4:3 p.m. · 6 views

CVE-2023-0172 Juicer < 1.11 - Contributor+ Stored XSS

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3 AI score · 0.00471 EPSS
Exploits: 2 · References: 1
Vulnrichment
added 2023/03/13 4:3 p.m. · 7 views

CVE-2022-4652 Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3 AI score · 0.00534 EPSS
Exploits: 2 · References: 1
CNNVD
added 2023/03/13 12:0 a.m. · 2 views

WordPress plugin Video Background cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4 CVSS · 5.4 AI score · 0.00534 EPSS
Exploits: 2 · References: 2
CNNVD
added 2023/03/13 12:0 a.m. · 5 views

WordPress plugin WordPress Infinite Scroll cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4 CVSS · 6.4 AI score · 0.00478 EPSS
Exploits: 2 · References: 2
CNNVD
added 2023/03/13 12:0 a.m. · 4 views

WordPress plugin Woo Products Widgets For Elementor cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS · 5.5 AI score · 0.00471 EPSS
Exploits: 2 · References: 2
CNNVD
added 2023/03/13 12:0 a.m. · 3 views

WordPress plugin Companion Sitemap Generator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS · 6.5 AI score · 0.00444 EPSS
Exploits: 2 · References: 2
CNNVD
added 2023/03/13 12:0 a.m. · 2 views

WordPress Plugin Ocean Extra cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.5 CVSS · 7 AI score · 0.00654 EPSS
Exploits: 2 · References: 2
Positive Technologies
added 2023/03/13 12:0 a.m. · 2 views

PT-2023-14964 · WordPress · Widgets For Woocommerce Products On Elementor

Name of the Vulnerable Software and Affected Versions: Widgets for WooCommerce Products on Elementor WordPress plugin versions prior to 1.0.8
Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the Widgets for WooCommerce Products on Elementor...

5.4 CVSS · 6 AI score · 0.00471 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2023/03/13 12:0 a.m. · 2 views

PT-2023-15990 · WordPress · Client Logo Carousel

Name of the Vulnerable Software and Affected Versions: The Client Logo Carousel WordPress plugin versions 3.0.0 and earlier
Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcod...

5.4 CVSS · 5.9 AI score · 0.00471 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2023/03/13 12:0 a.m. · 5 views

PT-2023-14527 · WordPress · Wordpress Infinite Scroll

Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll WordPress plugin versions prior to 5.6.0.3
Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform...

5.4 CVSS · 7.8 AI score · 0.00478 EPSS
Exploits: 2 · References: 5
Positive Technologies
added 2023/03/13 12:0 a.m. · 2 views

PT-2023-16058 · WordPress · Juicer

Name of the Vulnerable Software and Affected Versions: Juicer WordPress plugin versions prior to 1.11
Description: The issue is related to the Juicer WordPress plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is...

5.4 CVSS · 5.8 AI score · 0.00471 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2023/03/13 12:0 a.m. · 3 views

PT-2023-16344 · WordPress · Campaign Url Builder

Name of the Vulnerable Software and Affected Versions: Campaign URL Builder WordPress plugin versions prior to 1.8.2
Description: The issue is related to the Campaign URL Builder WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a...

5.4 CVSS · 8.2 AI score · 0.00444 EPSS
Exploits: 2 · References: 6
Positive Technologies
added 2023/03/13 12:0 a.m. · 5 views

PT-2023-16500 · WordPress · Ocean Extra

Name of the Vulnerable Software and Affected Versions: Ocean Extra WordPress plugin versions prior to 2.1.3
Description: The issue allows any authenticated users, such as subscribers, to retrieve the content of arbitrary posts, including drafts, private, or password-protected ones, by not ensurin...

6.5 CVSS · 9.5 AI score · 0.00654 EPSS
Exploits: 2 · References: 5
Positive Technologies
added 2023/03/13 12:0 a.m. · 2 views

PT-2023-15983 · WordPress · Companion Sitemap Generator

Name of the Vulnerable Software and Affected Versions: Companion Sitemap Generator WordPress plugin versions 4.5.1.1 and earlier
Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the...

5.4 CVSS · 8.2 AI score · 0.00444 EPSS
Exploits: 2 · References: 6
WPVulnDB
added 2023/03/09 12:0 a.m. · 15 views

Easy Forms for MailChimp < 6.8.9 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its form parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: Edit a form and put the following paylo...

4.8 CVSS · 4.9 AI score · 0.00444 EPSS
Exploits: 1 · Affected Software: 1
WPVulnDB
added 2023/03/08 12:0 a.m. · 13 views

Daily Prayer Time <= 2023.05.04 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.8 AI score · 0.00399 EPSS
Exploits: 0 · Affected Software: 1
WPVulnDB
added 2023/03/08 12:0 a.m. · 23 views

GiveWP < 2.25.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.5 CVSS · 5.8 AI score · 0.00386 EPSS
Exploits: 0 · Affected Software: 1