Lucene search
Dmitrii IgnatyevWPVDB-ID:98D8C713-E8CD-4FAD-A8FB-7A40DB2742A2HistoryMar 23, 2024 - 12:00 a.m.
Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
2024-03-2300:00:00
Dmitrii Ignatyev
wpscan.com
10
plugin
stored xss
contributor role
Description The plugin does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
PoC
[su_note note_color=‘123"onmouseover=“alert(/XSS/)”’ text_color=‘1’ radius=‘1’ class=‘1’ id=“1”]Note text[/su_note]
References
Related
cvelist
cvelist
CVE-2024-2583 Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
2024-04-13 05:00:02
nvd
nvd
CVE-2024-2583
2024-04-13 05:15:48
CVE-2024-3512
2024-04-09 19:15:41
vulnrichment
vulnrichment
CVE-2024-2583 Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
2024-04-13 05:00:02
wpexploit
wpexploit
Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
2024-03-23 00:00:00
cve
cve
CVE-2024-2583
2024-04-13 05:15:48
CVE-2024-3512
2024-04-09 19:15:41
AI Score
5.6
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:98D8C713-E8CD-4FAD-A8FB-7A40DB2742A2