CVE-2024-4553

CVE-2024-4553 affects the WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate. The stored XSS flaw occurs in the su_members shortcode due to insufficient input sanitization and output escaping of the color attribute, exploitable by authenticated users with contributor-level access or high...

WordPress Shortcodes Ultimate plugin <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sumembers Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Shortcodes Ultimate versions = 7.1.5...

WP Shortcodes Plugin < 7.1.6 - Contributor+ Stored XSS via su_members Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'sumembers' shortcode due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to...

CVE-2023-6488

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subutton', 'sumembers', and 'sutabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplie...