CVE-2019-16219

WordPress before 5.2.3 allows XSS in shortcode previews...

Design/Logic Flaw

WordPress before 5.2.3 allows XSS in shortcode previews...

UBUNTU-CVE-2019-16219

WordPress before 5.2.3 allows XSS in shortcode previews...

CVE-2019-16219

CVE-2019-16219 concerns WordPress core prior to version 5.2.3, where a stored XSS flaw in shortcode previews could allow injection of malicious scripts. The vulnerability arises from improper handling of shortcode previews, enabling an attacker to potentially execute script when a user previews a...

CVE-2019-16219

WordPress before 5.2.3 allows XSS in shortcode previews...

PT-2019-5209 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to an error in the shortcode preview functionality of the WordPress content management system, allowing for XSS attacks. This could potentially enable a remote attacker to...

FreeBSD : wordpress -- multiple issues (8a9f86de-d080-11e9-9051-4c72b94353b5)

wordpress developersreports : Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting XSS vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...

WordPress 5.0-5.2.2 - Authenticated Stored XSS in Shortcode Previews

Description According to the WordPress release notes: "Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting XSS in shortcode previews."...

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

Design/Logic Flaw

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

CVE-2019-15889

Summary: CVE-2019-15889 affects the WordPress Download Manager plugin prior to 2.9.94. The vulnerability is a cross-site scripting (XSS) flaw in the category shortcode feature, exploitable via the orderby or publish_date parameters (e.g., ?orderby=title,publish_date or similar). Impact (as stated...

CVE-2019-15889

The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter...

WordPress shortcode-factory plugin input validation error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. An input validation error vulnerability exists in the WordPress...

CVE-2015-9351

The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button...

Design/Logic Flaw

The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button...

CVE-2015-9351

CVE-2015-9351 concerns the WordPress plugin Feed Them Social (before 1.7.0). The vulnerability allows possible shortcode execution in the Facebook Feeds load more button, enabling arbitrary code execution via shortcode handling. Affected component: Feed Them Social plugin for WordPress; root caus...

CVE-2015-9351

The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button...

WordPress shortcode-factory plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shortcode-factory is a plugin that provides ready-to-use shortcodes. A cross-site scripting vulnerability exists in the WordPress...

CVE-2019-15322

The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion...