post shortcode project post shortcode vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-0442
The Loan Comparison WordPress plugin prior to 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow a malicious user to inject JavaScript into the site via a crafted URL.
Loan Comparison Project Loan Comparison
6.1
CVSSv3
CVE-2015-5714
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.3.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
Wordpress Wordpress
9 Github repositories
5.4
CVSSv3
CVE-2023-5708
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Wp Post Columns Project Wp Post Columns
5.4
CVSSv3
CVE-2023-0368
The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin up to and including 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with th...
Responsive Tabs For Wpbakery Page Builder Project Responsive Tabs For Wpbakery Page Builder
5.4
CVSSv3
CVE-2023-0489
The SlideOnline WordPress plugin up to and including 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Si...
Slideonline Project Sideonline
5.4
CVSSv3
CVE-2023-0490
The f(x) TOC WordPress plugin up to and including 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site ...
F(x) Toc Project F(x) Toc
5.4
CVSSv3
CVE-2023-0526
The Post Shortcode WordPress plugin up to and including 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross...
Post Shortcode Project Post Shortcode
5.4
CVSSv3
CVE-2023-0536
The Wp-D3 WordPress plugin up to and including 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scr...
Wp-d3 Project Wp-d3
5.4
CVSSv3
CVE-2023-0418
The Video Central for WordPress plugin up to and including 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cr...
Video Central Project Video Central
5.4
CVSSv3
CVE-2023-0367
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributo...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder