8961 matches found
CVE-2018-9172
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes...
WordPress WooCommerce Products Filter Plugin File Inclusion Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up a personal blog site on a PHP and MySQL server. The WooCommerce Products Filter (aka WOOF) plugin is one of its conditional filtering plugins. A file inclusion...
CVE-2018-8711
A local file inclusion issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The vulnerability is due to the lack of args/input validation on renderhtml before allowing it to be...
CVE-2018-8710
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
Remote code execution
A remote code execution issue was discovered in the WooCommerce Products Filter aka WOOF plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woofredrawwoof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication...
WOOF WooCommerce Products Filter 1.1.9 LFI / Code Execution
SEC Consult Vulnerability Lab Security Advisory. title: Arbitrary Shortcode Execution & Local File Inclusion; product: WOOF - WooCommerce Products Filter PluginUs.Net; vulnerable version: 1.1.9; fixed version: 2.2.0; CVE number:...
WordPress SQL Shortcode SQL Injection
SQL Injection vulnerability in WordPress SQL Shortcode plugin shortcode parameter. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...
WordPress EZ SQL Reports Shortcode Widget and DB Backup RCE
Remote command execution vulnerability in WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin shortcode parameter. Vulnerability Type: Remote Command Execution. For the exploit source code contact DSquare Security sales team...
Automattic: Stored XSS Using Media
Hi, Summary: This exploits an XSS vulnerability on polldaddy.com Steps to Reproduce: 1. Create a multiple-choice question quiz on Polldaddy 2. Insert stored XSS payload into Media Embed such that it matches the shortcode format Payload: 3. When someone goes on the quiz page through the quiz share...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS) attacks. The library does not escape tags in shortcode previews in the TinyMCE editor, allowing a malicious user to inject and execute arbitrary web script...
WordPress SQL Shortcode plugin <=1.1 - Authenticated SQL Execution vulnerability
Authenticated SQL Execution vulnerability found by Paul Dannewitz in WordPress SQL Shortcode plugin version 1.1 and earlier versions. This vulnerability allows users with low privileges to execute SQL. Solution SQL Shortcode plugin removed from WordPress plugin repository. Use plugin with caution...
SQL Shortcode <= 1.1 - Authenticated SQL Execution
It's not an SQL injection actually, it's just executing SQL with an account as low-privileged as a subscriber. The plugin description says it all. This https://blog.sucuri.net/2016/08/sql-injection-vulnerability-ninja-forms.html great article will help understanding how to exploit shortcodes and...
I Recommend This <= 3.8.1 - Authenticated SQL Injection
Plugin description: "This plugin allows your visitors to simply like/recommend your posts instead of comment on it." Active installs according to https://wordpress.org/plugins/i-recommend-this/: 40.000+ It's possible to inject SQL into the dotrecommends shortcode, if the check for IP addresses is...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because the application does not filter unclosed HTML elements in attributes during the processing of shortcode tags...