8984 matches found
PT-2024-17315 · WordPress · Stripe Donation Plugin
Name of the Vulnerable Software and Affected Versions: Stripe Donation plugin for WordPress versions 1.2.5 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'stripe donation' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin Get Post Content Shortcode 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
PT-2024-17596 · WordPress · Get Post Content Shortcode
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress versions up to, and including, 0.4 Description: The issue is related to Insecure Direct Object Reference. This is due to missing validation on a user-controlled key in the 'post-content'...
PT-2024-17636 · WordPress · Woocommerce Cart Count Shortcode
Name of the Vulnerable Software and Affected Versions: WooCommerce Cart Count Shortcode plugin for WordPress versions up to, and including, 1.0.4 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the cart button shortcode. This...
PT-2024-17310 · WordPress · Glomex Oembed Plugin
Name of the Vulnerable Software and Affected Versions: glomex oEmbed plugin for WordPress versions prior to 0.9.1 Description: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's glomex integration shortcode due to insufficient input sanitization a...
PT-2024-17639 · WordPress · States Map Us
Name of the Vulnerable Software and Affected Versions: The States Map US plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the states...
PT-2024-17628 · WordPress · Simple Locator
Name of the Vulnerable Software and Affected Versions: The Simple Locator plugin for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on...
PT-2024-17313 · WordPress · Cricket Live Score
Name of the Vulnerable Software and Affected Versions: Cricket Live Score plugin for WordPress versions prior to 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cricket score' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17595 · WordPress · Post To Pdf
Name of the Vulnerable Software and Affected Versions: Post to Pdf plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gmptp single post' shortcode due to insufficient input sanitization and output escaping on...
PT-2024-17312 · WordPress · Kredeum Nfts
Name of the Vulnerable Software and Affected Versions: Kredeum NFTs versions up to, and including, 1.6.9 Description: The Kredeum NFTs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum opensky' shortcode due to insufficient input sanitization and output...
PT-2024-17232 · WordPress · Eveeno
Name of the Vulnerable Software and Affected Versions: Eveeno plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17602 · WordPress · Ganohrs Toggle Shortcode
Name of the Vulnerable Software and Affected Versions: Ganohrs Toggle Shortcode plugin for WordPress versions up to, and including, 0.2.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode due to insufficient input sanitization and output escaping...
PT-2024-17236 · WordPress · Bukza
Name of the Vulnerable Software and Affected Versions: Bukza plugin for WordPress versions up to, and including, 2.0.0 Description: The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode due to insufficient input sanitization and output...
WordPress Get Post Content Shortcode plugin <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure via postcontent Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Get Post Content Shortcode versions = 0.4...
WordPress WooCommerce Cart Count Shortcode plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin WooCommerce Cart Count Shortcode versions = 1.0.4...
CVE-2024-11012
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-11012
CVE-2024-11012 (Notibar – Notification Bar for WordPress) is a vulnerability in the Notibar WordPress plugin where an authenticated user with Subscriber+ privileges can trigger arbitrary shortcode execution through the njt_nofi_text AJAX action. The root cause is lack of proper validation before ...
CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2024-12421
The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...