14 matches found
CVE-2024-6766
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2024-4217
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks...
WordPress Shortcodes Ultimate Pro plugin < 7.2.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate Pro versions 7.2.1...
CVE-2024-6766
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2024-6766 Shortcodes Ultimate Pro < 7.2.1 - Contributor+ Stored XSS
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2024-6766 Shortcodes Ultimate Pro < 7.2.1 - Contributor+ Stored XSS
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
WordPress plugin shortcodes-ultimate-pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37858 · WordPress · Shortcodes-Ultimate-Pro
Name of the Vulnerable Software and Affected Versions: shortcodes-ultimate-pro WordPress plugin versions prior to 7.2.1 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the lack of validation and escaping of some shortco...
WordPress Shortcodes Ultimate Pro Plugin < 7.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.2.1 Fixed in 7.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6766 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID db236be8a8b4 Credits Dmitrii Ignatyev...
WordPress Shortcodes Ultimate Pro plugin < 7.1.5 - Contributor+ Stored Cross-Site Scripting XSS vulnerability
Contributor+ Stored Cross-Site Scripting XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate Pro versions 7.1.5...
WordPress Shortcodes Ultimate Pro Plugin < 7.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Shortcodes Ultimate Pro Type Plugin Vulnerable versions 7.1.5 Fixed in 7.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b6182f916e0f Credits Dmitrii Ignatyev...
CVE-2024-4217
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks...
WordPress plugin shortcodes-ultimate-pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in...
PT-2024-29785 · WordPress · Shortcodes-Ultimate-Pro
Name of the Vulnerable Software and Affected Versions: shortcodes-ultimate-pro WordPress plugin versions prior to 7.1.5 Description: The issue allows attackers with a Contributor account to conduct Stored XSS attacks due to improper escaping of some shortcode settings. Recommendations: For versio...