Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Olevmedia Subscribe
Filtered by product Olevmedia Shortcodes
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0168 1 Olevmedia 1 Olevmedia Shortcodes 2023-03-03 N/A 5.4 MEDIUM
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2015-9421 1 Olevmedia 1 Olevmedia Shortcodes 2019-09-26 4.3 MEDIUM 6.5 MEDIUM
The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.