3 matches found
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.10 - Authenticated Contributor+ Stored Cross-Site Scripting via 'maxwidth' Shortcode Attribute vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Shortcodes Ultimate versions = 7.4.10...
CVE-2026-2480
CVE-2026-2480 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.10. The vulnerability is a Stored Cross-Site Scripting (XSS) in the su_box shortcode via the max_width attribute, caused by insufficient input sanitization and output escaping on user-supplied attribu...
Roxy Fileman 1.4.5 Shell Upload
Exploit Title: Roxy Fileman 1.4.5 For .NET Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on:...