8956 matches found
CVE-2014-4550
Cross-site scripting XSS vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability
Shortcode embedding system vulnerability found by Adham Sadaqah in WordPress Jetpack plugin versions =7.9. Solution Update the WordPress Jetpack plugin to the latest available version at least 7.9.1...
Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a Vulnerability in Shortcode Embed Code security vulnerability...
Design/Logic Flaw
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
WordPress 4.1.x < 4.1.27 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability in post previews by contributors. - A cross-site scripting XSS vulnerability in stored comments. - An unspecified issue with...
WordPress 5.2.x < 5.2.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability in post previews by contributors. - A cross-site scripting XSS vulnerability in stored comments. - An unspecified issue with...
WordPress 3.8.x < 3.8.30 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability in post previews by contributors. - A cross-site scripting XSS vulnerability in stored comments. - An unspecified issue with...
WordPress 5.0.x < 5.0.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability in post previews by contributors. - A cross-site scripting XSS vulnerability in stored comments. - An unspecified issue with...
WordPress 4.9.x < 4.9.11 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability in post previews by contributors. - A cross-site scripting XSS vulnerability in stored comments. - An unspecified issue with...
WordPress XSS Bug Allows Drive-By Code Execution
A just-patched stored cross-site scripting XSS vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that...
Cross-site Scripting (XSS)
wordpress is vulnerable to cross-site scripting XSS. The attack is due to not handling of the existing rel attribute in wprelnofollowcalback, allowing an attacker to inject arbitrary script during shortcode previews...
DEBIAN-CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
Design/Logic Flaw
WordPress before 5.2.3 allows XSS in shortcode previews...
UBUNTU-CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
CVE-2019-16219
CVE-2019-16219 concerns WordPress core prior to version 5.2.3, where a stored XSS flaw in shortcode previews could allow injection of malicious scripts. The vulnerability arises from improper handling of shortcode previews, enabling an attacker to potentially execute script when a user previews a...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...