5.4
CVE-2024-2583
- EPSS 0.4%
- Published 13.04.2024 05:15:48
- Last modified 12.05.2025 19:41:58
- Source contact@wpscan.com
Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
Shortcodes Ultimate <= 7.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_color' Shortcode
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
Possible mitigation
Shortcodes Ultimate – Content Elements: Update to version 7.0.5, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Getshortcodes ≫ Shortcodes Ultimate | SwPlatform: wordpress | Version: < 7.0.5
VulnDex Vulnerability Enrichment
Further vulnerability information
System: WordPress Plugin ≫ Product: Shortcodes Ultimate – Content Elements
Version: *-7.0.4
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.32 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://wpscan.com/vulnerability/98d8c713-e8cd-4fad-a8fb-7a40db2742a2/
https://www.wordfence.com/threat-intel/vulnerabilities/id/1bae6d3a-40eb-4af6-be4e-9bc6be1a4b07