5.4
CVE-2024-2583
- EPSS 0.17%
- Published 13.04.2024 05:15:48
- Last modified 12.05.2025 19:41:58
- Source contact@wpscan.com
Shortcodes Ultimate <= 7.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_color' Shortcode
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
Possible mitigation
WP Shortcodes Plugin — Shortcodes Ultimate: Update to version 7.0.5, or a newer patched version
Linked by AI from unstructured data to existing NVD CPEs
Further vulnerability information
System: WordPress Plugin
Product: WP Shortcodes Plugin — Shortcodes Ultimate
Version: *-7.0.4
Data provided by the National Vulnerability Database (NVD)
Getshortcodes ≫ Shortcodes Ultimate, SwPlatform: wordpress, Version < 7.0.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.387 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.