8956 matches found
WP Stripe Checkout < 1.2.2.21 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a contributor, put the following shortcode in a page/post wpstripecheckout...
Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a contributor, put the following shortcode in a page/post videojsvideo url=...
Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC: As a contributor, put the following shortcode in a page/post videojsvideo...
Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a contributor, put the following shortcode in a page/post lightbox2 url='"...
PT-2022-24544 · Silverstripe · Silverstripe Asset-Admin +2
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11.0 and earlier; Silverstripe silverstripe/assets versions 1.11.0 and earlier; Silverstripe silverstripe/asset-admin versions 1.11.0 and earlier. Description: The issue allows for cross-site...
Image Hover Effects < 5.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Go to the plugin settings Image Hover Effects Ima...
Donation Button <= 4.0.0 - Contributor+ Stored XSS
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. Put the following shortcode in a blog post: paypaldonationbutton align='center" onmouseover="alert1'...
PT-2022-24133 · Unknown · Flipbook Plugin
Name of the Vulnerable Software and Affected Versions: Flipbook Plugin (affected versions not specified). Description: A vulnerability was found in the Flipbook Plugin, affecting some unknown functionality of the file post.php of the component Edit Post Handler. The manipulation of the Shortcode...
PT-2022-24051 · WordPress · Embedpress Plugin
Name of the Vulnerable Software and Affected Versions: EmbedPress Plugin (affected versions not specified). Description: A vulnerability has been found in the EmbedPress Plugin, affecting an unknown functionality of the file post.php of the component Shortcode Handler. This issue leads to cross-site...
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a user with the Contributor role or above, create a new Popup in the Popup Maker menu with "content" field containing...
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC: As a user with the Contributor role or above, create a new Popup in the Popup Maker menu with "content" field containing...
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Subscription Form
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. As a contributor, put the following shortcode in a post/page pumsubform namefieldtype="fullname" labelname="Name"...
Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
The plugin does not have any CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. Make a logged-in admin open a page...
WordPress Plugin shortcode-imdb SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
CVE-2022-33970
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress...
Code injection
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress...
CVE-2022-33970 WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability
Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress...
CVE-2022-33970
CVE-2022-33970 affects the WordPress Shortcode Addons plugin (versions up to and including 3.1.2). The vulnerability allows authenticated users to change plugin options, indicating an issue in access control for option/configuration changes. The issue is confirmed across multiple sources (NVD/NIS...
WordPress plugin Shortcode Addons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability
Authenticated WordPress Options Change vulnerability discovered by m0ze (Patchstack) in WordPress Shortcode Addons plugin versions <= 3.1.2. Solution: Update the WordPress Shortcode Addons plugin to the latest available version (at least 3.2.0)...