4 matches found
CVE-2024-3188
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2024-3188 Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2024-3188
CVE-2024-3188 affects the WordPress plugin Shortcodes Ultimate (Shortcodes Plugin) up to version 7.0.x (pre-7.1.0). The issue is a lack of validation/escaping of certain shortcode attributes, which are output back into the page/post containing the shortcode. This can enable Stored Cross-Site Scri...
CVE-2024-3188 Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...