Filtered by vendor Getshortcodes
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41136 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2022-11-09 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. | |||||
CVE-2022-38086 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2022-10-12 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. | |||||
CVE-2021-24525 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). | |||||
CVE-2017-2245 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2020-04-23 | 4.0 MEDIUM | 5.0 MEDIUM |
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2017-18580 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2019-08-23 | 7.5 HIGH | 9.8 CRITICAL |
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. |