WordPress 5.0-5.2.2 - Authenticated Stored XSS in Shortcode Previews
Description: According to the WordPress release notes: "Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting XSS in shortcode previews."...
CVE-2019-15889
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter...
Design/Logic Flaw
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter...
CVE-2019-15889
Summary: CVE-2019-15889 affects the WordPress Download Manager plugin prior to 2.9.94. The vulnerability is a cross-site scripting (XSS) flaw in the category shortcode feature, exploitable via the orderby or publish_date parameters (e.g., ?orderby=title,publish_date or similar). Impact (as stated...
WordPress shortcode-factory plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. An input validation error vulnerability exists in the WordPress...
CVE-2015-9351
The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button...
Design/Logic Flaw
The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button...
CVE-2015-9351
CVE-2015-9351 concerns the WordPress plugin Feed Them Social (before 1.7.0). The vulnerability allows possible shortcode execution in the Facebook Feeds load more button, enabling arbitrary code execution via shortcode handling. Affected component: Feed Them Social plugin for WordPress; root caus...
WordPress shortcode-factory plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. A cross-site scripting vulnerability exists in the WordPress...
CVE-2019-15322
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion...
CVE-2017-18580
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode...
Design/Logic Flaw
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion...
CVE-2019-15322
Summary: CVE-2019-15322 affects the WordPress plugin “shortcode-factory” prior to version 2.8, which contains a Local File Inclusion vulnerability. Affected software: WordPress shortcode-factory plugin, versions before 2.8. Impact and risk (as stated): Local File Inclusion could allow an attacker...
CVE-2015-9321
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg...
CVE-2015-9321
The CVE-2015-9321 entry applies to the WordPress Shortcode Factory plugin prior to 1.1.1, where an XSS vulnerability is triggered via add_query_arg. The affected component is the shortcode-factory plugin in WordPress; the underlying issue is a cross-site scripting flaw that could enable client-si...
CVE-2019-14790
The limb-gallery aka Limb Gallery plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,...