Cross site scripting

Cross-site scripting XSS vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...

CVE-2014-4856

Cross-site scripting XSS vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...

CVE-2014-4541

Cross-site scripting XSS vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

CVE-2014-4541

CVE-2014-4541 corresponds to a cross-site scripting (XSS) vulnerability in the OMFG Mobile Pro WordPress plugin, specifically in shortcode-generator/preview-shortcode-external.php. Affected software: WordPress plugin OMFG Mobile Pro

CVE-2014-4541

Cross-site scripting XSS vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...

Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities

No description provided by source. waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web:...

WordPress OMFG Mobile Pro Plugin <= 1.1.26 - XSS

Because of this vulnerability in shortcode-generator/preview-shortcode-external.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...

Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. PoC http://www.example.com/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E...

Spider Catalog 1.4.6 Multiple Vulnerabilities

Spider Catalog version 1.4.6 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities. Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of...

CVE-2012-5350

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode...

CVE-2012-5325

Multiple cross-site scripting XSS vulnerabilities in the scrdoredirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the 1 url or 2 sec attributes in a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the scrdoredirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the 1 url or 2 sec attributes in a...

CVE-2012-5325

Multiple cross-site scripting XSS vulnerabilities in the scrdoredirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the 1 url or 2 sec attributes in a...

CVE-2012-5325

The vulnerability CVE-2012-5325 affects the WordPress Shortcode Redirect plugin (

WordPress Shortcode Redirect Plugin <= 1.0.01 - Multiple XSS

Because of these vulnerabilities, the authenticated users with certain permissions can inject arbitrary web script or HTML. Solution Update the plugin...

WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure

Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins : http://downloads.wordpress.org/plugin/simple-download-button-shortcode.1.0.0.zip Date :...

Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure

Exploit for php platform in category web applications Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins :...

WordPress Shortcode Redirect 1.0.01 Stored Cross Site Scripting

Exploit Title: Wordpress Shortcode Redirect plugin = 1.0.01 Stored XSS Dork: inurl:/wp-content/plugins/shortcode-redirect/ Date: 2012/01/18 Author: Gianluca Brindisi gATbrindi.si @gbrindisi http://brindi.si/g/ Software Link: http://downloads.wordpress.org/plugin/shortcode-redirect.1.0.01.zip...