CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

Patchstack•added 2026/04/01 2:31 a.m.•5 views

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.10 - Authenticated Contributor+ Stored Cross-Site Scripting via 'maxwidth' Shortcode Attribute vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Shortcodes Ultimate versions = 7.4.10...

6.4CVSS5.9AI score0.00039EPSS

Exploits0References1Affected Software1

CVE•added 2026/03/31 10:26 p.m.•8 views

CVE-2026-2480

CVE-2026-2480 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.10. The vulnerability is a Stored Cross-Site Scripting (XSS) in the su_box shortcode via the max_width attribute, caused by insufficient input sanitization and output escaping on user-supplied attribu...

6.4CVSS6AI score0.00039EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by