Lucene search
K

189 matches found

WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.10 views

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/05/18 6:15 a.m.12 views

CVE-2024-3811

The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/18 12:0 a.m.4 views

WordPress Plugin Salient Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS5.6AI score0.00267EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin Themify Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in the WordPress plugi...

6.4CVSS6.3AI score0.00385EPSS
Exploits0References4
CVE
CVE
added 2024/05/09 8:3 p.m.29 views

CVE-2024-4567

CVE-2024-4567 (Themify Shortcodes) is a stored XSS in the Themify Shortcodes WordPress plugin up to version 2.0.9. The vulnerability stems from insufficient input sanitization and output escaping in the themify_button shortcode attributes, allowing an authenticated attacker with contributor-level...

6.4CVSS5.7AI score0.00385EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/09 8:3 p.m.68 views

CVE-2024-4542

CVE-2024-4542 is rejected and not used; please refer to CVE-2024-3548 instead.

6.7AI score
Exploits1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.17 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

7.8AI score
Exploits1References1Affected Software1
NVD
NVD
added 2024/05/02 5:15 p.m.27 views

CVE-2024-3550

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.9AI score0.00572EPSS
Exploits0References6
OSV
OSV
added 2024/05/02 5:15 p.m.4 views

CVE-2024-1533

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

5.4CVSS5.9AI score0.00404EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.62 views

CVE-2024-3550

CVE-2024-3550 affects the WP Shortcodes Plugin — Shortcodes Ultimate for WordPress. The description specifies a Stored XSS via shortcode attributes in all versions up to 7.1.2, exploitable by authenticated users with contributor-level access or higher, allowing arbitrary scripts to execute on pag...

6.4CVSS5.7AI score0.00572EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.3 views

WordPress plugin WP Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.3CVSS8.6AI score0.00438EPSS
Exploits2References2
NVD
NVD
added 2024/04/13 5:15 a.m.13 views

CVE-2024-2583

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...

5.4CVSS5.5AI score0.00403EPSS
Exploits2References1
CVE
CVE
added 2024/04/09 6:58 p.m.88 views

CVE-2024-3512

CVE-2024-3512 is a duplicate of CVE-2024-2583. The underlying issue affects WordPress Shortcodes Plugin Shortcodes Ultimate prior to version 7.0.5, where shortcodes attributes were not properly escaped, enabling Stored XSS by users with the Contributor role. Remediation is to upgrade to version 7...

9.3AI score
Exploits1
NVD
NVD
added 2024/03/26 2:15 a.m.23 views

CVE-2024-2732

The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themifypostslider shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS5.1AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 4:15 p.m.3 views

CVE-2024-1658

The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00379EPSS
Exploits2References1
Prion
Prion
added 2024/02/29 1:43 a.m.27 views

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for...

5.5CVSS5.9AI score0.00443EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.3 views

WordPress Plugin WP Shortcodes Plugin - Shortcodes Ultimate Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.1AI score0.00443EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/02/28 12:50 p.m.12 views

CVE-2024-1808

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 12:50 p.m.91 views

CVE-2024-1808

CVE-2024-1808 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate. It describes a Stored Cross-Site Scripting (XSS) in the plugin’s su_qrcode shortcode for all versions up to 7.0.3, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitatio...

6.4CVSS6.1AI score0.0034EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/28 12:50 p.m.38 views

CVE-2024-1808 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'suqrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.8AI score0.0034EPSS
Exploits0References2
Rows per page
Query Builder