WordPress Plugin Shortcode Addons 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Peng Zhou Patchstack Alliance in WordPress Plugin Shortcode Addons versions = 3.2.5...

WordPress Shortcode Addons Plugin <= 3.2.5 is vulnerable to Arbitrary File Upload

Software Shortcode Addons Type Plugin Vulnerable versions = 3.2.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-31114 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 25bf030daa64 Credits Peng Zhou Required privilege Administrator...

CVE-2022-33970

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...

Code injection

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...

CVE-2022-33970

CVE-2022-33970 affects the WordPress Shortcode Addons plugin (versions up to and including 3.1.2). The vulnerability allows authenticated users to change plugin options, indicating an issue in access control for option/configuration changes. The issue is confirmed across multiple sources (NVD/NIS...

CVE-2022-33970 WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin = 3.1.2 at WordPress...

WordPress plugin Shortcode Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

CVE-2022-34487

CVE-2022-34487 affects WordPress Shortcode Addons plugin versions ≤ 3.0.2. Nuclei template and related reports describe an unauthenticated arbitrary option update due to insufficient access controls, enabling attackers to modify plugin options without authentication. Impact is potential site defa...

CVE-2022-34487 WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

WordPress plugin Shortcode Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2022-22178 · WordPress · Shortcode Addons

Name of the Vulnerable Software and Affected Versions: biplob018's Shortcode Addons plugin versions 3.0.2 and earlier Description: The issue is related to an Unauthenticated Arbitrary Option Update vulnerability. This allows for unauthorized modifications to options. Recommendations: For versions...

VulnCheck KEV: CVE-2022-34487

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin = 3.0.2 at WordPress...

WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by m0ze Patchstack in WordPress Shortcode Addons plugin versions = 3.0.2. Solution Update the WordPress Shortcode Addons plugin to the latest available version at least 3.0.3...

Shortcode Addons < 3.1.0 - Unauthenticated Arbitrary Option Update

The plugin does not have any authorisation in its REST API endpoint, one of them could allow unauthenticated attackers to update arbitrary blog options. PoC POST /wp-json/ShortCodeAddonsUltimate/v2/addonssettings HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate...