CVE-2024-9170

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcjproductmeta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-9170

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcjproductmeta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-11002

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002

CVE-2024-11002 — InPost Gallery (WordPress) The InPost Gallery plugin is vulnerable up to version 2.1.4.2 to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action. The issue arises from validating a value before executing do_shortcode, enabling authenticated user...

WordPress Paid Membership Subscriptions plugin <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Paid Member Subscriptions versions = 2.13.0...

WordPress WOOCS – WooCommerce Currency Switcher plugin <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin FOX versions = 1.4.2.2...

PT-2024-16772 · WordPress · Bne Gallery Extended

Name of the Vulnerable Software and Affected Versions: BNE Gallery Extended plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode due to insufficient input sanitization and output escaping on...

PT-2024-16694 · WordPress · Inpost Gallery

Name of the Vulnerable Software and Affected Versions: InPost Gallery plugin for WordPress versions up to, and including, 2.1.4.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software not properly validatin...

PT-2024-16820 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress plugins affected versions not specified Description: The issue is related to Reflected Cross-Site Scripting in multiple WordPress plugins due to insufficient input sanitization and output escaping in the cminds free guide shortcode...

WordPress plugin InPost Gallery 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2024-39468 · WordPress · Booster For Woocommerce

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wcj product meta shortcode due to insufficient input sanitization and output...

WordPress BNE Gallery Extended plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via gallery Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin BNE Gallery Extended versions = 1.2.1...

WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sptify Play Button for WordPress versions = 2.11...

WordPress InPost Gallery plugin <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via inpostgallerygetshortcodetemplate vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin InPost Gallery versions = 2.1.4.2...

WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability

Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions = 1.2.5...

CVE-2024-10709

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-10709 YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...