2 matches found
CVE-2024-9027
CVE-2024-9027 affects the WPZOOM Shortcodes WordPress plugin (versions up to and including 1.0.5). Root cause: insufficient input sanitization and output escaping on the box shortcode attributes, enabling stored XSS. Exploitation requires authentication at contributor level or higher, with the at...
CVE-2024-22162
CVE-2024-22162 — WPZOOM Shortcodes : Reflected XSS in WPZOOM Shortcodes due to improper input neutralization during web page generation. Affected: WordPress plugin WPZOOM Shortcodes (versions up to 1.0.3; Patchstack also references up to 1.0.5). Impact: attacker-controlled input may inject script...