2096 matches found
CVE-2024-6766 Shortcodes Ultimate Pro < 7.2.1 - Contributor+ Stored XSS
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
WordPress Shortcodes Ultimate Pro Plugin < 7.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Ultimate Pro; Type: Plugin; Vulnerable versions: < 7.2.1; Fixed in: 7.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6766; Patch priority: Low; CVSS severity: Low 6.5; PSID: db236be8a8b4; Credits: Dmitrii Ignatyev...
PT-2024-37858 · WordPress · Shortcodes-Ultimate-Pro
Name of the Vulnerable Software and Affected Versions: shortcodes-ultimate-pro WordPress plugin versions prior to 7.2.1 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the lack of validation and escaping of some shortco...
WordPress plugin shortcodes-ultimate-pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
VulnCheck KEV: CVE-2022-24663
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user...
CVE-2024-4260
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...
CVE-2024-4260 CoBlocks < 3.1.12 - Contributor+ SSRF
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks...
CVE-2024-37097
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS. This issue affects Shortcodes by United Themes: from n/a before 5.0.5...
PT-2024-27295 · Unitedthemes · Shortcodes
Name of the Vulnerable Software and Affected Versions: Shortcodes by United Themes versions prior to 5.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For...
WordPress Arconix Shortcodes plugin <= 2.1.11 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Arconix Shortcodes versions <= 2.1.11...
WordPress Arconix Shortcodes Plugin <= 2.1.11 is vulnerable to Broken Access Control
Software: Arconix Shortcodes; Type: Plugin; Vulnerable versions: <= 2.1.11; Fixed in: 2.1.12; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-38769; Patch priority: Low; CVSS severity: Low 5.3; PSID: 1ed0c6d94843; Credits: Dhabaleshwar Das Require...
WordPress Shortcodes Ultimate Pro plugin < 7.1.5 - Contributor+ Stored Cross-Site Scripting (XSS) vulnerability
Contributor+ Stored Cross-Site Scripting (XSS) vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate Pro versions < 7.1.5...
WordPress Shortcodes Ultimate Pro Plugin < 7.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Shortcodes Ultimate Pro; Type: Plugin; Vulnerable versions: < 7.1.5; Fixed in: 7.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4217; Patch priority: Low; CVSS severity: Low 6.5; PSID: b6182f916e0f; Credits: Dmitrii Ignatyev...
CVE-2024-4217
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks...
PT-2024-29785 · WordPress · Shortcodes-Ultimate-Pro
Name of the Vulnerable Software and Affected Versions: shortcodes-ultimate-pro WordPress plugin versions prior to 7.1.5 Description: The issue allows attackers with a Contributor account to conduct Stored XSS attacks due to improper escaping of some shortcode settings. Recommendations: For versio...
WordPress plugin shortcodes-ultimate-pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in...
CVE-2023-7061
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make...
CVE-2023-7062
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive...
WordPress Squelch Tabs and Accordions Shortcodes plugin <= 0.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via tab Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Squelch Tabs and Accordions Shortcodes versions <= 0.4.8...