8967 matches found
WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions = 1.9...
PT-2024-37275 · WordPress · Zenon Lite
Name of the Vulnerable Software and Affected Versions: Zenon Lite theme for WordPress versions up to, and including, 1.9 Description: The issue arises from insufficient input sanitization and output escaping in the url parameter within the theme's Button shortcode, allowing authenticated attacker...
CVE-2024-5255
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-5255
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-5254
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-5253
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultteam shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5251
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-5252
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-5251
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
PT-2024-35371 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ultimate dual color shortcode due to insufficient input sanitizatio...
PT-2024-35359 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ult team shortcode due to insufficient input sanitization and outpu...
PT-2024-35348 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the ultimate pricing shortcode...
PT-2024-35353 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ultimate info table shortcode due to insufficient input sanitizatio...
PT-2024-35366 · WordPress · Ultimate Addons For Wpbakery
Name of the Vulnerable Software and Affected Versions: The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the ultimate info banner...
CVE-2024-2691
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on use...
WordPress WP Event Manager plugin <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'events' Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Event Manager versions = 3.1.43...
PT-2024-21575 · WordPress · Wp Event Manager
Name of the Vulnerable Software and Affected Versions: The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress versions up to, and including, 3.1.43 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'events' shortco...
CVE-2024-3919
The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-3710
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
CVE-2024-3919
The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...