CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category

The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10910

CVE-2024-10910 affects Grid Plus – Unlimited grid layout (WordPress) up to version 1.3.5. The flaw allows unauthenticated attackers to execute arbitrary shortcodes via the grid_plus_load_by_category AJAX action, because a value used by do_shortcode is not properly validated. Status: the vulnerabi...

CVE-2024-11433

The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-11433 Surbma | SalesAutopilot Shortcode <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-12461 WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpreviveasync' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-11442 Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability

Unauthenticated Arbitrary Shortcode Execution via gridplusloadbycategory vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions = 1.3.5...

WordPress Surbma | SalesAutopilot Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Surbma | SalesAutopilot Shortcode versions = 2.0...

PT-2024-17311 · WordPress · Add Infos To The Events Calendar Plugin

Name of the Vulnerable Software and Affected Versions: Add infos to the events calendar plugin for WordPress versions up to, and including, 1.4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode due to insufficient input sanitization and output...

PT-2024-16996 · WordPress · Horizontal Scroll Image Slideshow

Name of the Vulnerable Software and Affected Versions: Horizontal scroll image slideshow plugin for WordPress versions up to and including 10.1 Description: The issue is related to stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes i...

WordPress plugin Grid Plus 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-17319 · WordPress · Faq/Answers – Create Frequently Asked Questions Area

Name of the Vulnerable Software and Affected Versions: FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'faq' shortcode due to insufficie...

PT-2024-17212 · WordPress · Kvcore Idx Plugin

Name of the Vulnerable Software and Affected Versions: kvCORE IDX plugin for WordPress versions up to, and including, 2.3.35 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows unauthenticated...

PT-2024-17604 · WordPress · Wp-Revive Adserver

Name of the Vulnerable Software and Affected Versions: WP-Revive Adserver plugin for WordPress versions up to, and including, 2.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wprevive async shortcode due to insufficient input sanitization and output escaping...

WordPress plugin WoodMart 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-17238 · WordPress · Currency Converter Widget ⚡ Pro

Name of the Vulnerable Software and Affected Versions: Currency Converter Widget ⚡ PRO plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping on user-suppli...

PT-2024-16637 · WordPress · The Grid Plus

Name of the Vulnerable Software and Affected Versions: The Grid Plus – Unlimited grid layout plugin for WordPress versions up to, and including, 1.3.5 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes via the "grid plus load by category" AJAX action. This is...

PT-2024-17334 · WordPress · Powerbi Embed Reports

Name of the Vulnerable Software and Affected Versions: PowerBI Embed Reports plugin for WordPress versions up to, and including, 1.1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'MO API POWER BI' shortcode due to insufficient input sanitization and output...

PT-2024-17548 · WordPress · Woodmart

Name of the Vulnerable Software and Affected Versions: Woodmart theme for WordPress versions up to 8.0.3 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action without properly validating a value before...

PT-2024-16986 · WordPress · Sql Chart Builder

Name of the Vulnerable Software and Affected Versions: SQL Chart Builder plugin for WordPress versions up to, and including, 2.3.6 Description: The issue arises from insufficient escaping on the user-supplied arg1 parameter and lack of sufficient preparation on the existing SQL query in the gvn...