4 matches found
CVE-2024-9027
The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9027
The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9027
CVE-2024-9027 affects the WPZOOM Shortcodes WordPress plugin (versions up to and including 1.0.5). Root cause: insufficient input sanitization and output escaping on the box shortcode attributes, enabling stored XSS. Exploitation requires authentication at contributor level or higher, with the at...
CVE-2024-22162 WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.3...