8961 matches found
CVE-2023-0169 Zoho Forms < 3.0.1 - Contributor+ Stored XSS
The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4458 Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2022-4458
CVE-2022-4458 affects the WordPress plugin “amr shortcode any widget” versions prior to 4.0. The issue is that certain shortcode attributes are not validated or escaped before being echoed in the page, enabling a contributor‑level user to perform Stored XSS that could affect admins. Mitigation: u...
CVE-2022-4551 Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS
The Rich Table of Contents WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attack...
CVE-2022-4448 GiveWP < 2.24.0 - Contributor+ Stored XSS
The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4448 GiveWP < 2.24.0 - Contributor+ Stored XSS
The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0270 YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS
The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2022-4473 Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS
The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4473
CVE-2022-4473 concerns the WordPress plugin Widget Shortcode (
Cost Calculator <= 1.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC ndcostcalculator id='"...
Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC lptwrecentposts colorscheme='"...
UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit: vcugmmap mapheight='100px;...
PT-2023-15679 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro WordPress plugin versions prior to 2.9.9 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role as low a...
WordPress plugin Widget Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2023-14565 · WordPress · Widgets On Pages
Name of the Vulnerable Software and Affected Versions: Widgets on Pages WordPress plugin versions prior to 1.8.0 Description: The issue concerns the failure to validate and escape shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin...
Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpmproductgtin id='1' wrapper='div...
PT-2023-15960 · WordPress · Jetwidgets For Elementor
Name of the Vulnerable Software and Affected Versions: JetWidgets For Elementor WordPress plugin versions prior to 1.0.14 Description: The issue concerns the JetWidgets For Elementor WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting...
PT-2023-14508 · WordPress · Amr Shortcode Any Widget
Name of the Vulnerable Software and Affected Versions: amr shortcode any widget WordPress plugin versions prior to 4.0 Description: The issue concerns the amr shortcode any widget WordPress plugin, where it fails to validate and escape some of its shortcode attributes before outputting them back ...
PT-2023-15978 · WordPress · Judge.Me Product Reviews
Name of the Vulnerable Software and Affected Versions: Judge.me Product Reviews for WooCommerce WordPress plugin versions prior to 1.3.21 Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and abov...
PT-2023-15992 · WordPress · Amazon Js Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Amazon JS WordPress plugin versions 0.10 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the Amazon JS WordPress plugin, which can lead to Stored Cross-Site Scripting attacks...