WordPress Arconix Shortcodes plugin <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Arconix Shortcodes versions = 2.1.12...

PT-2024-39910 · WordPress · T(-) Countdown

Name of the Vulnerable Software and Affected Versions: T- Countdown plugin for WordPress versions up to, and including, 2.4.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the tminus shortcode, allowing authenticated attacker...

PT-2024-39770 · WordPress · Arconix Shortcodes

Name of the Vulnerable Software and Affected Versions: Arconix Shortcodes plugin for WordPress versions up to, and including, 2.1.12 Description: The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input...

WordPress Simple Code Insert Shortcode Plugin <= 1.0 is vulnerable to SQL Injection

Software Simple Code Insert Shortcode Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49613 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID df05b471af58 Credits João Pedro S Alcântara Kinorth Required...

WordPress Flat UI Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via flatbtn Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Flat UI Button versions 1.0...

CVE-2024-48022

The CVE-2024-48022 entry concerns a Stored XSS in the WordPress plugin Shortcode For Elementor Templates (

CVE-2024-9898

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-9898 Parallax Image <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Parallax Image plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via dd-parallax Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Parallax Image versions = 1.8...

WordPress plugin Shortcode For Elementor Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2024-9061

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

CVE-2024-9061

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

Exploit for Code Injection in Themehunk Wp_Popup_Builder

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lea...

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

CVE-2024-9061 WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add

The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wpajaxnoprivshortcodeApiAdd AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action tha...

CVE-2024-9061

The CVE CVE-2024-9061 affects the WordPress plugin WP Popup Builder – Popup Forms and Marketing Lead Generation. It allows unauthenticated users to perform arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to 1.3.5, due to inadequate validation ...

CVE-2024-8746

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mkfilefoldermanagershortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if grant...

PT-2024-39397 · WordPress · The Popup Builder

Name of the Vulnerable Software and Affected Versions: The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress versions up to 1.3.5 Description: The issue allows arbitrary shortcode execution via the wp ajax nopriv shortcode Api Add AJAX action. This is due to the...

WordPress WP Popup Builder – Popup Forms and Marketing Lead Generation plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Popup Builder versions = 1.3.5...

CVE-2024-9837 AADMY – Add Auto Date Month Year Into Posts <= 2.0.1 - Unauthenticated Arbitrary Shortcode Execution

The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...