Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
post shortcode project post shortcode vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0069
The WPaudio MP3 Player WordPress plugin up to and including 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored C...
Wpaudio Mp3 Player Project Wpaudio Mp3 Player
5.4
CVSSv3
CVE-2023-0073
The Client Logo Carousel WordPress plugin up to and including 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
Client Logo Carousel Project Client Logo Carousel
5.4
CVSSv3
CVE-2023-0212
The Advanced Recent Posts WordPress plugin up to and including 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stor...
Advanced Recent Posts Project Advanced Recent Posts
5.4
CVSSv3
CVE-2023-0271
The WP Font Awesome WordPress plugin prior to 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Wp Font Awesome Project Wp Font Awesome
5.4
CVSSv3
CVE-2023-0490
The f(x) TOC WordPress plugin up to and including 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
F\\(x\\) Toc Project F\\(x\\) Toc
5.4
CVSSv3
CVE-2023-0538
The Campaign URL Builder WordPress plugin prior to 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
Campaign Url Builder Project Campaign Url Builder
5.4
CVSSv3
CVE-2022-4764
The Simple File Downloader WordPress plugin up to and including 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stor...
Simple File Downloader Project Simple File Downloader
5.4
CVSSv3
CVE-2022-4785
The Video Sidebar Widgets WordPress plugin up to and including 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored ...
Video Sidebar Widgets Project Video Sidebar Widgets
5.4
CVSSv3
CVE-2022-4512
The Better Font Awesome WordPress plugin prior to 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Better Font Awesome Project Better Font Awesome
5.4
CVSSv3
CVE-2022-4754
The Easy Social Box / Page Plugin WordPress plugin up to and including 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perfo...
Easy Social Box Project Easy Social Box
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »