wpexploit | Dmitrii Ignatyev | WPEX-ID:BC273E75-7FAF-4EAF-8EBD-EFC5D6E9261F
Apr 05, 2024 - 12:00 a.m.

Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS

Tags: shortcodes ultimate, contributor, stored xss, poc, april 19 2024, update, exploit

AI Score: 5.9 (Confidence: High)
EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

As a contributor, put the following shortcode in a post: [su_dailymotion url='123"onload="alert(`XSS`)"']

The XSS will be triggered when (pre)viewing the post.
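The missing validation and escaping described above, shown as an added example that is not the plugin's own code: a hypothetical embed handler that writes the attribute into the markup unchanged, next to a form that validates the value and escapes it for the HTML attribute context. The function names, `EMBED_BASE` and the id pattern are assumptions; inside WordPress, `esc_attr()` or `esc_url()` would take the place of `htmlspecialchars()`.

```php
<?php
declare(strict_types=1);

// Added illustration: hypothetical handlers, not Shortcodes Ultimate's code.
// EMBED_BASE and the id pattern are assumptions made for the example.
const EMBED_BASE = 'https://video.example/embed/';

// Before: the attribute value is concatenated into the markup unchanged,
// so a double quote in it ends src="..." and what follows is parsed as
// further attributes of the <iframe>.
function render_embed_unescaped(string $url): string
{
    return '<iframe src="' . EMBED_BASE . $url . '"></iframe>';
}

// After, step 1 (validate): accept only what a video id can look like.
function is_valid_video_id(string $id): bool
{
    return preg_match('/\A[A-Za-z0-9]{1,32}\z/', $id) === 1;
}

// After, step 2 (escape): encode for the HTML attribute context at output
// time, even though the value already passed validation.
function render_embed_escaped(string $url): string
{
    if (!is_valid_video_id($url)) {
        return ''; // render nothing rather than guess at a repair
    }
    $src = htmlspecialchars(EMBED_BASE . $url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<iframe src="' . $src . '"></iframe>';
}

// Constructed inputs: a plain id, and the attribute value from the PoC above.
$samples = ['x8abc12', '123"onload="alert(`XSS`)"'];

foreach ($samples as $value) {
    echo 'input:     ', $value, PHP_EOL;
    echo 'unescaped: ', render_embed_unescaped($value), PHP_EOL;
    echo 'hardened:  ', var_export(render_embed_escaped($value), true), PHP_EOL;
    // Escaping alone already keeps the quote inside the attribute value:
    echo 'escaped:   ', htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL, PHP_EOL;
}
```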
