CVE-2024-3548
Published 2024-05-15
CVE-2024-3548: The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page…
Priority P422 · medium · 6.1 · CVSS 3.1
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
EPSS: 0.44% (35.2th percentile)
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admins.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getshortcodes | shortcodes_ultimate | < 7.1.2 | 7.1.2 |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_redhat · 5.5 MEDIUM
GHSA
GHSA-fgjm-9hpr-9w7r: The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7
ghsa_unreviewed·2024-05-15
CVE-2024-3548 [MEDIUM] CWE-79 GHSA-fgjm-9hpr-9w7r: The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7
Red Hat
kernel: hsr: Fix uninit-value access in hsr_get_node()
vendor_redhat·2024-04-17·CVSS 5.5
CVE-2024-26863 [MEDIUM] CWE-20 kernel: hsr: Fix uninit-value access in hsr_get_node()
In the Linux kernel, the following vulnerability has been resolved:
hsr: Fix uninit-value access in hsr_get_node()
KMSAN reported the following uninit-value access issue [1]:
BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246
fill_frame_info net/hsr/hsr_forward.c:577 [inline]
hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615
hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
__dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
dev_queue_xmit include
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-15
Published