CVE-2024-8481

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...

CVE-2024-8481

CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.

CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...

WordPress plugin The Special Text Boxes 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...

WordPress Special Text Boxes plugin <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Special Text Boxes versions = 6.2.4...

PT-2024-39047 · WordPress · Special Text Boxes

Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress versions up to and including 6.2.2 Description: The issue is related to arbitrary shortcode execution. This is due to the plugin adding the filter add filter'comment text','do shortcode';, which run...

WordPress Special Text Boxes Plugin <= 6.2.2 is vulnerable to Bypass Vulnerability

Software Special Text Boxes Type Plugin Vulnerable versions = 6.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Bypass Vulnerability CVE CVE-2024-8481 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID ff741af18511 Credits Francesco Carlucci Required privilege...

CVE-2021-24485

The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

Cross site scripting

The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

CVE-2021-24485

The CVE-2021-24485 entry covers the WordPress Special Text Boxes plugin. Affected software: WordPress Special Text Boxes plugin versions prior to 5.9.110. Vulnerable component: settings sanitisation/escaping in the plugin, allowing Cross-Site Scripting (XSS) by high-privilege users even when unfi...

WordPress plugin Special Text Boxes 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Special Text Boxes plugin in versions prior to 5.9.109 suffers from a cross-site scripting vulnerabili...

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting...

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed. PoC Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting...

WordPress Special Text Boxes plugin <= 5.9.109 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Special Text Boxes plugin versions = 5.9.109. Solution Update the WordPress Special Text Boxes plugin to the latest available version at least 5.9.110...