Toggles Shortcode And Widget
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12207 | Med | 0.29 | 4.4 | 0.00 | Jan 7, 2025 | The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated… | ||
| CVE-2024-0711 | 0.00 | — | 0.00 | Mar 18, 2024 | The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored… | |||
| CVE-2024-0719 | 0.00 | — | 0.00 | Mar 18, 2024 | The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored… |
- risk 0.29cvss 4.4epss 0.00
The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…
- CVE-2024-0711Mar 18, 2024risk 0.00cvss —epss 0.00
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…
- CVE-2024-0719Mar 18, 2024risk 0.00cvss —epss 0.00
The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…