8961 matches found
CVE-2017-18580
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode...
Design/Logic Flaw
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion...
CVE-2019-15322
Summary: CVE-2019-15322 affects the WordPress plugin “shortcode-factory” prior to version 2.8, which contains a Local File Inclusion vulnerability. Affected software: WordPress shortcode-factory plugin, versions before 2.8. Impact and risk (as stated): Local File Inclusion could allow an attacker...
CVE-2015-9321
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg...
CVE-2015-9321
The CVE-2015-9321 entry applies to the WordPress Shortcode Factory plugin prior to 1.1.1, where an XSS vulnerability is triggered via add_query_arg. The affected component is the shortcode-factory plugin in WordPress; the underlying issue is a cross-site scripting flaw that could enable client-si...
CVE-2019-14790
The limb-gallery aka Limb Gallery plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,...
Shortcode Factory < 2.8 - Local File Inclusion
The Shortcode Factory WordPress plugin was affected by a Local File Inclusion security vulnerability...
PT-2019-8296 · Automattic · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce plugin versions prior to 3.2.4 Description: The issue allows an attack after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker constructs a specifically crafted string th...
CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php...
Design/Logic Flaw
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php...
Automattic: Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Jetpack's implementation of the Simple Payment Module is as follows: A custom post type is registered for each product. When an admin creates a product, a post is internally created and information about the product, such as the price is then stored as post meta information. After the post has be...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description :...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description : Quizlord is prone to Stored Cross Site Scripting...
WordPress Tooltipy (tooltips for WP) Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up a personal blog site on servers running PHP and MySQL. Tooltipy (tooltips for WP) is one of its plug-ins, used to create responsive tip boxes. A cross-site scripting...
CVE-2018-1000512
Tooltipy Tooltipy tooltips for WP version 5 contains a Cross Site Scripting (XSS) vulnerability in the Glossary shortcode that could allow anybody to do almost anything an admin can. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been...
Cross site scripting
Tooltipy Tooltipy tooltips for WP version 5 contains a Cross Site Scripting (XSS) vulnerability in the Glossary shortcode that could allow anybody to do almost anything an admin can. This attack appears to be exploitable when an admin follows a link. This vulnerability appears to have been...
WordPress Plugin WordPress File Upload Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. The Iptanus WordPress File Upload plugin is one of its file upload plugins. A security vulnerability exists in...
Default credentials
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...