2 matches found
WordPress ND Shortcodes For Visual Composer Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS)
Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions = 7.5 Fixed in 7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5220 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d079d9ce83d0 Credits wesley...
CVE-2024-5220 ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...