8976 matches found
CVE-2024-8543
The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sciba shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-8478
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it...
CVE-2024-8478
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it...
CVE-2024-8478 Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution
The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it...
CVE-2024-8478
CVE-2024-8478 affects WordPress plugins: Affiliate Super Assistent (
WordPress Affiliate Super Assistent plugin <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Affiliate Super Assistent versions = 1.5.3...
PT-2024-39083 · WordPress · Slider Comparison Image Before/After
Name of the Vulnerable Software and Affected Versions: The Slider comparison image before and after plugin for WordPress versions up to, and including, 0.8.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's sciba shortcode due to insufficient input sanitization an...
PT-2024-39044 · WordPress · Affiliate Super Assistent
Name of the Vulnerable Software and Affected Versions: The Affiliate Super Assistent plugin for WordPress versions up to, and including, 1.5.3 Description: The issue is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This...
CVE-2024-6859
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6859 WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6859 WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-7381
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...
CVE-2024-7381
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...
CVE-2024-7381 Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...
CVE-2024-7381 Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...
CVE-2024-8363
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Share This Image plugin <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via STI Buttons Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Share This Image versions = 2.02...
PT-2024-38969 · WordPress · Share This Image
Name of the Vulnerable Software and Affected Versions: Share This Image plugin for WordPress versions up to, and including, 2.02 Description: The issue is related to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode due to insufficient input sanitization and output escaping on...
CVE-2024-3998
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Foxyyy in WordPress Theme Betheme versions = 27.5.6...