PT-2024-27298 · WordPress · Image Photo Gallery Final Tiles Grid

Name of the Vulnerable Software and Affected Versions: Image Photo Gallery Final Tiles Grid WordPress plugin versions prior to 3.6.0 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege use...

PT-2024-28383 · WordPress · Openpgp Form Encryption

Name of the Vulnerable Software and Affected Versions: OpenPGP Form Encryption for WordPress plugin version 1.5.0 and earlier Description: The issue concerns the lack of validation and escaping of certain shortcode attributes, which could allow users with the contributor role and above to perform...

CVE-2024-2430

The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2024-6256

The Feeds for YouTube YouTube video, channel, and gallery plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5444

The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-5444

The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress plugin Bible Text security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

PT-2024-36330 · WordPress · Bible Text Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Bible Text WordPress plugin versions 0.2 and earlier Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perfo...

WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WPCS versions = 1.2.0.3...

WordPress Animated Typed JS Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Animated Typed JS Shortcode versions = 2.0...

WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jean Tirstan T Patchstack Alliance in WordPress Plugin CodePen Embedded Pens Shortcode versions = 1.0.0...

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

CVE-2024-5664

The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaaraudioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and outpu...

WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sonaaraudioplayer Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar versions = 5.5...

WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via tab Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions = 0.4.8...

WordPress oik plugin <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via bwbutton Shortcode vulnerability discovered by Rafshanzani Suhada in WordPress Plugin oik versions = 4.10.3...

WordPress Simple Alert Boxes plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Alert Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Alert Boxes versions = 1.4.0...

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2024-3604

The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'taggedfilter' attribute of the 'osmmapv3' shortcode in all versions up to, and including, 6.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2024-3603

The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible...