3 matches found
CVE-2023-1273
CVE-2023-1273 affects the WordPress plugin ND Shortcodes (before 7.0). The issue is that some shortcode attributes used to generate include paths are not validated, allowing an authenticated user (e.g., a subscriber) to perform a Local File Inclusion (LFI) attack by manipulating the path. Public ...
CVE-2022-4623
The CVE-2022-4623 entry concerns the ND Shortcodes WordPress plugin prior to version 7.0. It states that the plugin does not validate and escape numerous shortcode attributes before output, allowing users with the contributor role and above to perform Stored Cross-Site Scripting when the shortcod...
CVE-2024-5220
The ND Shortcodes plugin for WordPress (up to version 7.5) is affected by a Stored XSS via the plugin’s upload feature. Exploitation requires authenticated access at Author level or higher, allowing script injection into pages that execute for users visiting injected pages. Patch status for CVE-2...