Lucene search
8976 matches found

Positive Technologies
added 2024/09/23 12:0 a.m. · 6 views

PT-2024-39142 · WordPress · Mailoptin

Name of the Vulnerable Software and Affected Versions: MailOptin plugin for WordPress versions up to, and including, 1.2.70.3
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode due to insufficient input sanitization and output escaping on...

5.4 CVSS · 6.1 AI score · 0.00256 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-39156 · WordPress · Garden Gnome Package

Name of the Vulnerable Software and Affected Versions: The Garden Gnome Package plugin for WordPress versions up to, and including, 2.2.9
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

6.4 CVSS · 6.2 AI score · 0.00377 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/09/23 12:0 a.m. · 3 views

PT-2024-39138 · WordPress · Mdtf

Name of the Vulnerable Software and Affected Versions: MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.3
Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not proper...

7.3 CVSS · 7.8 AI score · 0.00622 EPSS
Exploits 0 · References 12
Patchstack
added 2024/09/19 5:43 a.m. · 3 views

WordPress WP Custom Fields Search plugin <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Custom Fields Search versions <= 1.2.35...

6.4 CVSS · 5.8 AI score · 0.00345 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/18 12:0 a.m. · 2 views

PT-2024-38970 · WordPress · Wp Custom Fields Search

Name of the Vulnerable Software and Affected Versions: WP Custom Fields Search plugin for WordPress versions up to, and including, 1.2.35
Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode due to insufficient input sanitization and output...

6.4 CVSS · 6.1 AI score · 0.00345 EPSS
Exploits 0 · References 9
Patchstack
added 2024/09/16 7:17 a.m. · 4 views

WordPress Simple Spoiler plugin <= 1.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Spoiler versions <= 1.3...

7.3 CVSS · 7.1 AI score · 0.00565 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/09/16 7:12 a.m. · 3 views

WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin FOX versions <= 1.4.2.1...

7.3 CVSS · 7.1 AI score · 0.00737 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/09/14 4:15 a.m. · 3 views

CVE-2024-8479

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

7.3 CVSS · 6.1 AI score · 0.00565 EPSS
Exploits 0 · References 3
NVD
added 2024/09/14 4:15 a.m. · 8 views

CVE-2024-8479

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

7.3 CVSS · 0.00565 EPSS
Exploits 0 · References 3
Cvelist
added 2024/09/14 3:19 a.m. · 18 views

CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

7.3 CVSS · 0.00565 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/09/14 3:19 a.m. · 10 views

CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

7.3 CVSS · 7.5 AI score · 0.00565 EPSS
Exploits 0 · References 3
OSV
added 2024/09/14 3:15 a.m. · 4 views

CVE-2024-8271

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3 CVSS · 6.1 AI score · 0.00737 EPSS
Exploits 0 · References 3
NVD
added 2024/09/14 3:15 a.m. · 22 views

CVE-2024-8271

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3 CVSS · 0.00737 EPSS
Exploits 0 · References 3
CVE
added 2024/09/14 2:4 a.m. · 54 views

CVE-2024-8271

CVE-2024-8271 affects the WordPress plugin FOX – Currency Switcher Professional for WooCommerce. All versions up to and including 1.4.2.1 are vulnerable to unauthenticated arbitrary shortcode execution due to inadequate validation in the Woocs_get_custom_price_html function that allows running d...

7.3 CVSS · 7.6 AI score · 0.00737 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2024/09/14 2:4 a.m. · 9 views

CVE-2024-8271 FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3 CVSS · 7.4 AI score · 0.00737 EPSS
Exploits 0 · References 3
Cvelist
added 2024/09/14 2:4 a.m. · 34 views

CVE-2024-8271 FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3 CVSS · 0.00737 EPSS
Exploits 0 · References 3
OSV
added 2024/09/13 3:15 p.m. · 4 views

CVE-2024-8747

The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 5.9 AI score · 0.00295 EPSS
Exploits 0 · References 2
OSV
added 2024/09/13 3:15 p.m. · 2 views

CVE-2024-5869

The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

5.4 CVSS · 5.9 AI score · 0.00257 EPSS
Exploits 0 · References 2
OSV
added 2024/09/13 3:15 p.m. · 2 views

CVE-2024-5789

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.4 CVSS · 5.9 AI score · 0.00257 EPSS
Exploits 0 · References 2
OSV
added 2024/09/13 3:15 p.m. · 1 views

CVE-2024-5867

The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2