2096 matches found

Patchstack
added 2023/12/05 12:0 a.m. · 15 views

WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection

Software: BCorp Shortcodes; Type: Plugin; Vulnerable versions: = 0.23; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49773; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 00a3ca6350c4; Credits: Rafie Muhammad Patchstack; Required privileg...

CVSS 10 · AI score 6.8 · EPSS 0.00727
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/11/30 12:15 p.m. · 2 views

CVE-2023-47851

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1...

CVSS 5.4 · AI score 7.3 · EPSS 0.00303
Exploits 0 · References 1
NVD
added 2023/11/30 12:15 p.m. · 9 views

CVE-2023-47851

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1...

CVSS 6.5 · EPSS 0.00303
Exploits 0 · References 1
Prion
added 2023/11/30 12:15 p.m. · 17 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1...

CVSS 4.9 · AI score 6.9 · EPSS 0.00303
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/11/30 11:25 a.m. · 80 views

CVE-2023-47851

CVE-2023-47851 pertains to the WordPress plugin Bootstrap Shortcodes Ultimate (vulnerable:

CVSS 6.5 · AI score 6.7 · EPSS 0.00303
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/11/30 12:0 a.m. · 3 views

WordPress Plugin Bootstrap Shortcodes Ultimate Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 6.5 · AI score 6 · EPSS 0.00303
Exploits 0 · References 1
Positive Technologies
added 2023/11/30 12:0 a.m. · 3 views

PT-2023-30645 · Unknown · Bootstrap Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: Bootstrap Shortcodes Ultimate versions 4.3.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can injec...

CVSS 6.5 · AI score 6 · EPSS 0.00303
Exploits 0 · References 6
WPVulnDB
added 2023/11/29 12:0 a.m. · 27 views

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on us...

CVSS 6.4 · AI score 5.7 · EPSS 0.00485
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/11/28 5:15 a.m. · 1 views

CVE-2023-6226

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVSS 4.3 · AI score 5.9 · EPSS 0.00529
Exploits 1 · References 3
NVD
added 2023/11/28 5:15 a.m. · 19 views

CVE-2023-6226

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVSS 4.3 · EPSS 0.00529
Exploits 1 · References 3
OSV
added 2023/11/28 5:15 a.m. · 5 views

CVE-2023-6225

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 5.4 · AI score 5.9 · EPSS 0.00485
Exploits 1 · References 3
NVD
added 2023/11/28 5:15 a.m. · 17 views

CVE-2023-6225

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied...

CVSS 6.4 · EPSS 0.00485
Exploits 1 · References 3
Prion
added 2023/11/28 5:15 a.m. · 25 views

Input validation

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVSS 4 · AI score 6.4 · EPSS 0.00529
Exploits 1 · References 3 · Affected Software 1
CVE
added 2023/11/28 4:31 a.m. · 90 views

CVE-2023-6225

CVE-2023-6225 affects the WordPress plug‑in WP Shortcodes Plugin — Shortcodes Ultimate and is a stored XSS vulnerability in the su_meta shortcode when combined with post meta data. Affected versions are up to 5.13.3; exploitation requires at least contributor privileges and occurs via insufficien...

CVSS 6.4 · AI score 5.2 · EPSS 0.00485
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/11/28 4:31 a.m. · 25 views

CVE-2023-6226 WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

CVSS 4.3 · AI score 5 · EPSS 0.00529
Exploits 1 · References 3
CVE
added 2023/11/28 4:31 a.m. · 73 views

CVE-2023-6226

CVE-2023-6226 affects the WordPress plugin WP Shortcodes Plugin – Shortcodes Ultimate, versions ≤ 5.13.3. The issue is an Insecure Direct Object Reference (IDOR) in the su_meta shortcode caused by missing validation of user-controlled keys key and post_id. This allows authenticated users with con...

CVSS 4.3 · AI score 4.7 · EPSS 0.00529
Exploits 1 · References 3 · Affected Software 1
Patchstack
added 2023/11/28 12:0 a.m. · 14 views

WordPress Shortcodes Ultimate Plugin <= 5.13.3 is vulnerable to Insecure Direct Object References (IDOR)

Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: = 5.13.3; Fixed in: 7.0.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References IDOR; CVE: CVE-2023-6226; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 7b259d4a9888; Credits: Francesc...

CVSS 4.3 · AI score 6.8 · EPSS 0.00529
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/11/28 12:0 a.m. · 3 views

WordPress Plugin Shortcodes Ultimate Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 · AI score 5.9 · EPSS 0.00485
Exploits 1 · References 3
Positive Technologies
added 2023/11/28 12:0 a.m. · 3 views

PT-2023-32570 · WordPress · Wp Shortcodes Plugin +1

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 5.13.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's su meta shortcode combined with post meta data due to...

CVSS 6.4 · AI score 5.7 · EPSS 0.00485
Exploits 1 · References 6
Patchstack
added 2023/11/28 12:0 a.m. · 17 views

WordPress Shortcodes Ultimate Plugin <= 5.13.3 is vulnerable to Cross Site Scripting (XSS)

Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: = 5.13.3; Fixed in: 7.0.0; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-6225; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: f77e11ca5365; Credits: Francesco Carlucci...

CVSS 6.4 · AI score 6 · EPSS 0.00485
Exploits 1 · References 3 · Affected Software 1