8984 matches found
PT-2024-17214 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress plugin for WordPress versions up to, and including, 1.1.21 Description: The issue is related to SQL Injection via the category parameter of the 'bookingpress form' shortcode. This is due to insufficient escaping on the...
PT-2024-17677 · WordPress · Wordpress Simple Shopping Cart
Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to and including 5.0.7 Description: The issue is related to stored Cross-Site Scripting XSS due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...
CVE-2024-11977
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-11977
CVE-2024-11977 concerns the kk Star Ratings – Rate Post & Collect User Feedbacks WordPress plugin. The WordPress plugin is vulnerable to arbitrary shortcode execution in all versions up to and including 5.4.10 due to unvalidated input passed to do_shortcode, enabling unauthenticated attackers to ...
CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...
PT-2024-17353 · WordPress · One Click Upsell Funnel For Woocommerce
Name of the Vulnerable Software and Affected Versions: The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress versions up to, and including, 3.4.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wps wocuf pro yes shortcode due to insufficient...
PT-2024-17668 · WordPress · Magicpost
Name of the Vulnerable Software and Affected Versions: MagicPost plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wb share social shortcode due to insufficient input sanitization and output escaping on...
PT-2024-16813 · WordPress · Multi-Column Tag Map
Name of the Vulnerable Software and Affected Versions: Multi-column Tag Map plugin for WordPress versions up to, and including, 17.0.33 Description: The issue is related to Stored Cross-Site Scripting via the plugin's mctagmap shortcode due to insufficient input sanitization and output escaping o...
PT-2024-17378 · WordPress · Kk Star Ratings
Name of the Vulnerable Software and Affected Versions: The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress versions up to, and including, 5.4.10 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action...
WordPress MagicPost plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wbsharesocial Shortcode vulnerability discovered by SOPROBRO in WordPress Plugin MagicPost – WordPress文章管理功能增强插件 versions = 1.2.1...
WordPress Multi-column Tag Map plugin <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mctagmap Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Multi-column Tag Map versions = 17.0.33...
WordPress One Click Upsell Funnel for WooCommerce plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpswocufproyes Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin One Click Upsell Funnel for WooCommerce versions = 3.4.9...
WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions = 5.4.10...
WordPress Serious Slider plugin < 1.2.7 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Serious Slider versions 1.2.7...
CVE-2024-11108
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11108
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11108 Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2024-16969 · WordPress · Spotlight
Name of the Vulnerable Software and Affected Versions: Spotlightr plugin for WordPress versions up to, and including, 0.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode due to insufficient input sanitization and output escaping on...