8961 matches found
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.ph...
WordPress < 3.7.9 / 3.8.9 / 3.9.7 / 4.1.6 / 4.2.3 Multiple Vulnerabilities
According to its version number, the WordPress application running on the remote web server is either version 3.7.x prior to 3.7.9, 3.8.x prior to 3.8.9, 3.9.x prior to 3.9.7, 4.1.x prior to 4.1.6, or 4.2.x prior to 4.2.3. It is, therefore, potentially affected by the following vulnerabilities: ...
WordPress <= 4.2.2 - XSS
WordPress 4.2.2 is prone to a cross-site scripting vulnerability that allows an authenticated user to bypass intended access restrictions and create drafts by leveraging the Subscriber role. It also allows injection of web script or HTML by leveraging the Author role to place a crafted shortcode...
WordPress Download Shortcode Plugin <= 0.2.0 - Arbitrary File Disclosure
This plugin is prone to a "file" arbitrary file disclosure vulnerability. Solution: Update the plugin...
WordPress Freshmail Plugin <= 1.5.8 - SQL Injection
The Freshmail plugin is prone to an SQL injection in the "id" parameter via shortcode.php. It allows shortcodes to be inserted without the administrator's permission when a page is being edited. Solution: Update the plugin...
WordPress Plugin Freshmail 1.5.8 - shortcode.php SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Software Link:...
WordPress Plugin Freshmail 1.5.8 - 'shortcode.php' SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Software Link: https://downloads.wordpress.org/plugin/freshmail-newsletter.latest-stable.zip Version:...
Freshmail for WordPress <= 1.5.8 - shortcode.php SQL Injection
There is a SQL Injection vulnerability available for collaborators or higher privileged users for webs with freshmail plugin installed. The SQL Injection is located in the attribute "id" of the inserted shortcode FMform id="N". The shortcode attribute "id" is not sanitized before inserting it in ...
Shortcode Factory < 1.1.1 - XSS
The Shortcode Factory WordPress plugin was affected by an XSS security vulnerability...
CVE-2015-2165
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate, (4) fromTime, (5) toTime, (6) kword, (7) uname, (8) pname, (9)...
Feed Them Social < 1.7.0 - XSS & Arbitrary Shortcode Execution
The Feed Them Social – for Twitter feed, Youtube, Pinterest and more WordPress plugin was affected by an XSS & Arbitrary Shortcode Execution security vulnerability...
DEBIAN-CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
CVE-2014-9031
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...