Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/06 9:45 a.m.8 views

CVE-2025-0370

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.31127EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/04 9:22 a.m.16 views

CVE-2025-0370 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.31127EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/04 9:22 a.m.7 views

CVE-2025-0370 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.31127EPSS
Exploits0References4
CVE
CVE
added 2025/03/04 9:22 a.m.64 views

CVE-2025-0370

CVE-2025-0370 refers to a stored XSS in the WordPress plug-in "WP Shortcodes Plugin — Shortcodes Ultimate" (versions up to 7.3.3). The root cause is insufficient input sanitization and output escaping in the src parameter, allowing authenticated attackers with Contributor+ privileges to inject sc...

6.4CVSS5.7AI score0.31127EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder