Lucene search
HistoryMar 30, 2023 - 12:15 p.m.
CVE-2023-25040
cve-2023-25040
authentication
contributor+
stored xss
cross-site scripting
xss vulnerability
vova anokhin
wordpress
shortcodes plugin
shortcodes ultimate plugin
nvd
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
21.1%
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.
Affected configurations
Node
vova_anokhinwordpress_shortcodes_plugin_—_shortcodes_ultimateRange≤5.12.6
| CPE | Name | Operator | Version |
|---|---|---|---|
| getshortcodes:shortcodes_ultimate | getshortcodes shortcodes ultimate | lt | 5.12.7 |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "shortcodes-ultimate",
"product": "WordPress Shortcodes Plugin — Shortcodes Ultimate",
"vendor": "Vova Anokhin",
"versions": [
{
"changes": [
{
"at": "5.12.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.12.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
wpvulndb
wpvulndb
Shortcodes Ultimate < 5.12.7 - Contributor+ Stored XSS
2023-02-10 00:00:00
prion
prion
Cross site scripting
2023-03-30 12:15:00
nvd
nvd
CVE-2023-25040
2023-03-30 12:15:07
wordfence
wordfence
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
21.1%
Related for CVE-2023-25040