Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Getshortcodes Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41136 1 Getshortcodes 1 Shortcodes Ultimate 2022-11-09 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
CVE-2022-38086 1 Getshortcodes 1 Shortcodes Ultimate 2022-10-12 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.
CVE-2021-24525 1 Getshortcodes 1 Shortcodes Ultimate 2021-09-27 3.5 LOW 5.4 MEDIUM
The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).
CVE-2017-2245 1 Getshortcodes 1 Shortcodes Ultimate 2020-04-23 4.0 MEDIUM 5.0 MEDIUM
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2017-18580 1 Getshortcodes 1 Shortcodes Ultimate 2019-08-23 7.5 HIGH 9.8 CRITICAL
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.