PT-2023-14554 · WordPress · Table Of Contents Plus

Name of the Vulnerable Software and Affected Versions: Table of Contents Plus WordPress plugin versions prior to 2212 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as lo...

WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...

WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...

Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: wpspwrecentpostslider design='" onmouseover="alert1" style="background:red;"'...

Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpspwrecentpostslider design='" onmouseover="alert1" style="background:red;"'...

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...

Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...

CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...

Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

WordPress List Pages Shortcode Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Software List Pages Shortcode Type Plugin Vulnerable versions = 1.7.5 Fixed in 1.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 30aa61094340 Credits Lana Codes Required...

Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...

Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Note: Enable compatibility mode by going to the settings of the plugins. Exploit shortcode: easy-pricing-toggle...

PixCodes < 2.3.7 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...