8961 matches found
WordPress Shortcode Ninja Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Shortcode Ninja is a form builder plugin used in it. WordPress Shortcode Ninja 1.4 and earlier versions of the...
Donorbox 7.1~7.1.1 - Stored Cross-Site Scripting via Shortcode
In Donorbox WordPress plugin, one can perform an XSS attack via the included shortcode by inserting arbitrary HTML attributes. This vulnerability was introduced in v7.1 and fixed in v7.1.2. PoC donate url='/?" autofocus onfocus="alertwindow" abitraryAttributeToValidateShortcodeParsing="'...
CVE-2014-4550
Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...
CVE-2014-4550
CVE-2014-4550 is a cross-site scripting vulnerability in the WordPress plugin Shortcode Ninja up to version 1.4 (and earlier) in the file preview-shortcode-external.php. The root cause is insufficient validation/escaping of the shortcode parameter, allowing remote attackers to inject arbitrary s...
PT-2019-15803 · Zoho · Zoho Crm Lead Magnet Plugin
Name of the Vulnerable Software and Affected Versions: Zoho CRM Lead Magnet plugin version 1.6.9.1 Description: The issue allows for XSS attacks. This can be achieved via the module, EditShortcode, or LayoutName. Recommendations: For Zoho CRM Lead Magnet plugin version 1.6.9.1, update to a newer...
WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability
Shortcode embedding system vulnerability found by Adham Sadaqah in WordPress Jetpack plugin versions <=7.9. Solution: Update the WordPress Jetpack plugin to the latest available version (at least 7.9.1)...
Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a Vulnerability in Shortcode Embed Code security vulnerability...
Design/Logic Flaw
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
WordPress 4.1.x < 4.1.27 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in post previews by contributors. - A cross-site scripting (XSS) vulnerability in stored comments. - An unspecified issue with...
WordPress 5.2.x < 5.2.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in post previews by contributors. - A cross-site scripting (XSS) vulnerability in stored comments. - An unspecified issue with...
WordPress 3.8.x < 3.8.30 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in post previews by contributors. - A cross-site scripting (XSS) vulnerability in stored comments. - An unspecified issue with...
WordPress 5.0.x < 5.0.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in post previews by contributors. - A cross-site scripting (XSS) vulnerability in stored comments. - An unspecified issue with...
WordPress 4.9.x < 4.9.11 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in post previews by contributors. - A cross-site scripting (XSS) vulnerability in stored comments. - An unspecified issue with...
WordPress XSS Bug Allows Drive-By Code Execution
A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat researcher at FortiGuard Labs, said that...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). The attack is possible because the existing rel attribute is not handled in wp_rel_nofollow_callback, allowing an attacker to inject arbitrary script during shortcode previews...
CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...
DEBIAN-CVE-2019-16219
WordPress before 5.2.3 allows XSS in shortcode previews...