12 matches found
EUVD-2022-44378
Malicious code in bioql PyPI...
CVE-2017-18580
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode...
CVE-2024-2583
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks...
CVE-2023-6488 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...
Cross site scripting
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions...
CVE-2023-25040
CVE-2023-25040 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Shortcodes Ultimate (aka Shortcodes Ultimate) by Vova Anokhin, affecting versions <= 5.12.6. The issue is a stored XSS flaw; the exact root-cause details are not provided in the supplied documents. Publ...
CVE-2023-25040 WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions...
WordPress Shortcodes Ultimate Plugin <= 5.12.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: Shortcodes Ultimate; Type: Plugin; Vulnerable versions: <= 5.12.6; Fixed in: 5.12.7; OWASP Top 10: A5: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-23800; Patch priority: Low; CVSS severity: Low 7.1; PSID: b83339aecda3; Credits: Rafie Muhamm...
CVE-2022-41136
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin = 5.12.0 on WordPress...
CVE-2022-41136
The CVE-2022-41136 entry concerns the WordPress Shortcodes Ultimate plugin, specifically versions
CVE-2022-38086
CVE-2022-38086 affects the WordPress plugin Shortcodes Ultimate
Shortcodes Ultimate <= 5.0.0 - Authenticated Contributor Code Execution
The Shortcodes Ultimate plugin does not sanitize the "filter" argument to the "su_meta", "su_user", and "su_post" shortcodes, allowing the filter to be set to the "system" function which runs arbitrary code. This is being exploited in the wild; I discovered this through analysis of modsecurity audit...