Vulmon
post shortcode project post shortcode vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-0150
The Cloak Front End Email WordPress plugin prior to 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...
Cloak Front End Email Project Cloak Front End Email
5.4
CVSSv3
CVE-2023-0153
The Vimeo Video Autoplay Automute WordPress plugin up to and including 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform...
Vimeo Video Autoplay Automute Project Vimeo Video Autoplay Automute
5.4
CVSSv3
CVE-2023-0535
The Donation Block For PayPal WordPress plugin prior to 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross...
Donation Block For Paypal Project Donation Block For Paypal
5.4
CVSSv3
CVE-2022-4795
The Galleries by Angie Makes WordPress plugin up to and including 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Sto...
Galleries By Angie Makes Project Galleries By Angie Makes
5.4
CVSSv3
CVE-2022-1393
The WP Subtitle WordPress plugin prior to 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized ...
Wp Subtitle Project Wp Subtitle
5.4
CVSSv3
CVE-2022-4750
The WP Responsive Testimonials Slider And Widget WordPress plugin up to and including 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and a...
Wp Responsive Testimonials Slider And Widget Project Wp Responsive Testimonials Slider And Widget
5.4
CVSSv3
CVE-2023-0367
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin prior to 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributo...
Pricing Tables For Wpbakery Page Builder Project Pricing Tables For Wpbakery Page Builder
5.4
CVSSv3
CVE-2023-0368
The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin up to and including 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with th...
Responsive Tabs For Wpbakery Page Builder Project Responsive Tabs For Wpbakery Page Builder
6.1
CVSSv3
CVE-2023-0442
The Loan Comparison WordPress plugin prior to 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow a malicious user to inject JavaScript into the site via a crafted URL.
Loan Comparison Project Loan Comparison
5.4
CVSSv3
CVE-2023-0068
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin up to and including 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role an...
Product Gtin (ean, Upc, Isbn) For Woocommerce Project Product Gtin (ean, Upc, Isbn) For Woocommerce