Lucene search
K

189 matches found

CVE
CVE
added 2023/03/20 3:52 p.m.82 views

CVE-2023-0911

The CVE concerns the WordPress plugin Shortcodes Ultimate (before 5.12.8). The vulnerability arises because the plugin does not validate the user meta returned by the user shortcode, allowing any authenticated user (e.g., subscriber) to retrieve arbitrary user metadata (excluding user_pass), such...

6.5CVSS6.7AI score0.00654EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/02/21 9:15 a.m.2 views

CVE-2022-4777

The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/02/11 12:0 a.m.3 views

WordPress plugin ND Shortcodes 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A path traversal vulnerability exists in th...

8.8CVSS8AI score0.01683EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/01/27 12:0 a.m.10 views

WordPress Olevmedia Shortcodes Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Olevmedia Shortcodes Type Plugin Vulnerable versions = 1.1.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0168 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 576499d3655f Credits István Márton...

5.4CVSS5.7AI score0.0049EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2022/09/23 3:15 p.m.25 views

CVE-2022-37342

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...

4.8CVSS0.00539EPSS
Exploits0References2
Prion
Prion
added 2022/09/23 3:15 p.m.20 views

Cross site scripting

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability Add Shortcodes Actions And Filters plugin = 2.0.9 at WordPress...

4.3CVSS4.9AI score0.00539EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/23 2:38 p.m.26 views

CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...

4.8CVSS5.1AI score0.00437EPSS
Exploits0References2
CNVD
CNVD
added 2019/09/02 12:0 a.m.2 views

WordPress nd-shortcodes plugin unauthorized operation vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. nd-shortcodes is a drag-and-drop page builder plugin used in it. A security vulnerability exists in WordPress nd-shortcodes plugin...

6.1CVSS6.6AI score0.0134EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/08/29 12:37 p.m.25 views

CVE-2019-15771

The nd-shortcodes plugin before 6.0 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

6.4AI score0.0134EPSS
Exploits1References3
Rows per page
Query Builder