Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4
CVE-2024-5220
- EPSS 0.25%
- Veröffentlicht 25.05.2024 02:15:41
- Zuletzt bearbeitet 21.11.2024 09:47:12
The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authe...
5.4
CVE-2022-4623
- EPSS 0.09%
- Veröffentlicht 04.07.2023 08:15:10
- Zuletzt bearbeitet 21.11.2024 07:35:36
The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe...
8.8
CVE-2023-1273
- EPSS 10.8%
- Veröffentlicht 04.07.2023 08:15:10
- Zuletzt bearbeitet 21.11.2024 07:38:48
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
1