Search
Search Results (25 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25040 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-02-19 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions. | ||||
| CVE-2023-23800 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | 7.1 High |
| Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6. | ||||
| CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | ||||
| CVE-2021-24525 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | 5.4 Medium |
| The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). | ||||
| CVE-2017-18580 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2024-11-21 | N/A |
| The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. | ||||