189 matches found
CVE-2023-0911
The CVE concerns the WordPress plugin Shortcodes Ultimate (before 5.12.8). The vulnerability arises because the plugin does not validate the user meta returned by the user shortcode, allowing any authenticated user (e.g., subscriber) to retrieve arbitrary user metadata (excluding user_pass), such...
CVE-2022-4777
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin ND Shortcodes 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A path traversal vulnerability exists in th...
WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Olevmedia Shortcodes Type Plugin Vulnerable versions = 1.1.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0168 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 576499d3655f Credits István Márton...
CVE-2022-37342
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...
Cross site scripting
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...
CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...
WordPress nd-shortcodes plugin unauthorized operation vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-shortcodes is a drag-and-drop page builder plugin used in it. A security vulnerability exists in WordPress nd-shortcodes plugin...
CVE-2019-15771
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...