Getshortcodes

Shortcodes Ultimate

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-5567

  • EPSS 0.02%
  • Veröffentlicht 04.07.2025 02:22:33
  • Zuletzt bearbeitet 09.07.2025 17:50:47

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output es...

5.4

CVE-2024-8500

  • EPSS 0.19%
  • Veröffentlicht 23.10.2024 11:15:13
  • Zuletzt bearbeitet 25.10.2024 16:43:24

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This m...

5.4

CVE-2024-6766

Exploit
  • EPSS 0.25%
  • Veröffentlicht 06.08.2024 06:15:36
  • Zuletzt bearbeitet 13.06.2025 00:16:33

The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo...

4.7

CVE-2024-4217

Exploit
  • EPSS 0.13%
  • Veröffentlicht 13.07.2024 06:15:03
  • Zuletzt bearbeitet 10.06.2025 16:00:06

The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.

5.4

CVE-2024-4821

  • EPSS 0.23%
  • Veröffentlicht 05.06.2024 09:15:10
  • Zuletzt bearbeitet 21.11.2024 09:43:41

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output esca...

5.4

CVE-2024-4553

  • EPSS 0.39%
  • Veröffentlicht 21.05.2024 10:15:10
  • Zuletzt bearbeitet 24.01.2025 14:42:56

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output esc...

6.1

CVE-2024-3548

Exploit
  • EPSS 0.25%
  • Veröffentlicht 15.05.2024 06:15:12
  • Zuletzt bearbeitet 27.03.2025 15:15:53

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users ...

5.4

CVE-2024-3550

  • EPSS 0.25%
  • Veröffentlicht 02.05.2024 17:15:26
  • Zuletzt bearbeitet 04.02.2025 17:07:26

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on u...

6.3

CVE-2024-3188

Exploit
  • EPSS 0.19%
  • Veröffentlicht 26.04.2024 05:15:50
  • Zuletzt bearbeitet 14.05.2025 17:31:10

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contr...

5.4

CVE-2024-2583

Exploit
  • EPSS 0.17%
  • Veröffentlicht 13.04.2024 05:15:48
  • Zuletzt bearbeitet 12.05.2025 19:41:58

The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS...