Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate. This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6...
CVE-2023-23800
CVE-2023-23800 concerns the WordPress plugin “WP Shortcodes Plugin — Shortcodes Ultimate” (versions
CVE-2023-5237
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2023-5566
The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5566 Simple Shortcodes <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
WordPress Simple Shortcodes Plugin <= 1.0.20 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Shortcodes; Type: Plugin; Vulnerable versions: <= 1.0.20; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5566; Patch priority: Low; CVSS severity: Low 6.5; PSID: f3951a8b757d; Credits: István Márton; Required...
CVE-2023-44475
Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin = 2.0.9 versions...
CVE-2023-41728
CVE-2023-41728: WordPress Rescue Shortcodes plugin
WordPress Rescue Shortcodes Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Rescue Shortcodes; Type: Plugin; Vulnerable versions: <= 2.5; Fixed in: 2.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-41728; Patch priority: Low; CVSS severity: Low 6.5; PSID: e35ae9ed3dd7; Credits: yuyudhn; Required privileg...
CVE-2023-1273
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
WordPress plugin ND Shortcodes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-25798
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions...
CVE-2023-25798 WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions...
WordPress Shortcodes Plugin <= 3.46 is vulnerable to Broken Access Control
Software: Shortcodes; Type: Plugin; Vulnerable versions: <= 3.46; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23725; Patch priority: Low; CVSS severity: Low 4.3; PSID: 82dcb0293d26; Credits: István Márton; Required privilege...
CVE-2023-25040
CVE-2023-25040 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Shortcodes Ultimate (aka Shortcodes Ultimate) by Vova Anokhin, affecting versions <= 5.12.6. The issue is a stored XSS flaw; the exact root-cause details are not provided in the supplied documents. Publ...
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta except the user_pass, such as the user email and activati...
CVE-2023-0911
The CVE concerns the WordPress plugin Shortcodes Ultimate (before 5.12.8). The vulnerability arises because the plugin does not validate the user meta returned by the user shortcode, allowing any authenticated user (e.g., subscriber) to retrieve arbitrary user metadata (excluding user_pass), such...
CVE-2022-4777
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...