CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

187 matches found

NVD•added 2024/02/20 3:15 a.m.•7 views

CVE-2024-1510

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sutooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplie...

6.4CVSS5.7AI score0.00278EPSS

Exploits0References3

Prion•added 2024/02/20 3:15 a.m.•13 views

Cross site scripting

5.5CVSS5.9AI score0.00278EPSS

Exploits0References3

Vulnrichment•added 2024/02/20 2:34 a.m.•7 views

CVE-2024-1510 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode

6.4CVSS7AI score0.00278EPSS

Exploits0References3

Cvelist•added 2024/02/20 2:34 a.m.•28 views

CVE-2024-1510 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode

6.4CVSS5.8AI score0.00278EPSS

Exploits0References3

CVE•added 2024/02/20 2:34 a.m.•76 views

CVE-2024-1510

CVE-2024-1510: WP Shortcodes Plugin — Shortcodes Ultimate is affected by a stored XSS via the su_tooltip shortcode in all versions up to 7.0.2. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes and tags, enabling authenticated attackers with cont...

6.4CVSS6AI score0.00278EPSS

Exploits0References3Affected Software1

CNNVD•added 2024/02/20 12:0 a.m.•2 views

WordPress Plugin WP Shortcodes Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS8.3AI score0.00278EPSS

Exploits0References4

Positive Technologies•added 2024/02/19 12:0 a.m.•3 views

PT-2024-18102 · WordPress · Wp Shortcodes Plugin

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su tooltip shortcode due to insufficient input sanitization...

6.4CVSS8.2AI score0.00278EPSS

Exploits0References7

WPVulnDB•added 2024/02/09 12:0 a.m.•25 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possib...

5.5CVSS5.6AI score0.00232EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/01/31 6:0 p.m.•19 views

CVE-2024-22162 WordPress WPZOOM Shortcodes Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM WPZOOM Shortcodes allows Reflected XSS.This issue affects WPZOOM Shortcodes: from n/a through 1.0.3...

7.1CVSS7.2AI score0.00083EPSS

Exploits0References1

Cvelist•added 2023/12/20 3:31 p.m.•17 views

CVE-2023-49773 WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23...

10CVSS9.7AI score0.00396EPSS

Exploits0References1

CVE•added 2023/12/19 1:58 a.m.•60 views

CVE-2023-6488

CVE-2023-6488 concerns the WP Shortcodes Plugin — Shortcodes Ultimate for WordPress. The issue is a stored cross-site scripting (XSS) vulnerability in the plugin’s shortcodes (su_button, su_members, su_tabs) present in all versions up to 7.0.0. The root cause is insufficient input sanitization an...

5.4CVSS5.2AI score0.00092EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/12/19 1:58 a.m.•36 views

CVE-2023-6488 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...

5.4CVSS5.2AI score0.00092EPSS

Exploits0References3

CNNVD•added 2023/12/18 12:0 a.m.•2 views

WordPress Plugin WP Shortcodes Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS5.9AI score0.00092EPSS

Exploits0References5

OSV•added 2023/11/28 5:15 a.m.•4 views

CVE-2023-6225

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied...

5.4CVSS5.9AI score

Exploits0References3

Cvelist•added 2023/11/28 4:31 a.m.•23 views

CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

4.3CVSS5AI score0.00125EPSS

Exploits1References3

CVE•added 2023/11/28 4:31 a.m.•89 views

CVE-2023-6225

CVE-2023-6225 affects the WordPress plug‑in WP Shortcodes Plugin — Shortcodes Ultimate and is a stored XSS vulnerability in the su_meta shortcode when combined with post meta data. Affected versions are up to 5.13.3; exploitation requires at least contributor privileges and occurs via insufficien...

6.4CVSS5.2AI score0.00087EPSS

Exploits1References3Affected Software1

CVE•added 2023/11/28 4:31 a.m.•73 views

CVE-2023-6226

CVE-2023-6226 affects the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate, versions ≤ 5.13.3. The issue is an Insecure Direct Object Reference (IDOR) in the su_meta shortcode caused by missing validation of user-controlled keys key and post_id. This allows authenticated users with con...

4.3CVSS4.7AI score0.00125EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2023/11/28 12:0 a.m.•4 views

PT-2023-32571 · WordPress · Wp Shortcodes Plugin

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 5.13.3 Description: The issue allows authenticated attackers with contributor-level access and above to retrieve arbitrary post meta values, which...

4.3CVSS5.4AI score0.00125EPSS

Exploits1References7

Positive Technologies•added 2023/11/28 12:0 a.m.•3 views

PT-2023-32570 · WordPress · Wp Shortcodes Plugin +1

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 5.13.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su meta shortcode combined with post meta data due to...

6.4CVSS5.7AI score0.00087EPSS

Exploits1References6

OSV•added 2023/11/13 3:15 a.m.•1 views

CVE-2023-23800

Server-Side Request Forgery SSRF vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6...

6.5CVSS5.8AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by