Getshortcodes Shortcodes Ultimate vulnerabilities
25 known vulnerabilities affecting getshortcodes/shortcodes_ultimate.
Total CVEs: 25
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 23
Vulnerabilities
Page 2 of 2
CVE-2024-3548 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 7.1.2 | 2024-05-15
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
nvd
CVE-2024-4821 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 7.1.7 | 2024-06-05
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-l
nvd
CVE-2024-1808 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 7.0.4 | 2024-02-28
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-l
nvd
CVE-2024-4217 | P4 | MEDIUM | CVSS 4.7 | CWE-79 | fixed in 7.1.5 | 2024-07-13
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.
nvd
CVE-2022-38086 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 5.12.0 | 2022-10-11
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.
nvd