CVE-2024-1510 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sutooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplie...

CVE-2024-1510

CVE-2024-1510: WP Shortcodes Plugin — Shortcodes Ultimate is affected by a stored XSS via the su_tooltip shortcode in all versions up to 7.0.2. The issue stems from insufficient input sanitization and output escaping on user-supplied attributes and tags, enabling authenticated attackers with cont...

WordPress Plugin WP Shortcodes Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

Shortcodes Ultimate < 7.0.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its sutooltip shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...