Getshortcodes

Shortcodes Ultimate

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-0792

  • EPSS 0.19%
  • Veröffentlicht 29.02.2024 01:43:29
  • Zuletzt bearbeitet 27.01.2025 17:20:20

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on R...

5.4

CVE-2024-1808

  • EPSS 0.17%
  • Veröffentlicht 28.02.2024 13:15:07
  • Zuletzt bearbeitet 27.01.2025 17:44:15

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output esca...

5.4

CVE-2024-1510

  • EPSS 0.17%
  • Veröffentlicht 20.02.2024 03:15:08
  • Zuletzt bearbeitet 04.02.2025 21:00:07

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escap...

5.4

CVE-2023-6488

  • EPSS 0.09%
  • Veröffentlicht 19.12.2023 02:15:44
  • Zuletzt bearbeitet 21.11.2024 08:43:57

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient inpu...

4.3

CVE-2023-6226

Exploit
  • EPSS 0.13%
  • Veröffentlicht 28.11.2023 05:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:24

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' a...

5.4

CVE-2023-6225

Exploit
  • EPSS 0.09%
  • Veröffentlicht 28.11.2023 05:15:08
  • Zuletzt bearbeitet 21.11.2024 08:43:24

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sa...

6.5

CVE-2023-23800

  • EPSS 0.18%
  • Veröffentlicht 13.11.2023 03:15:08
  • Zuletzt bearbeitet 21.11.2024 07:46:51

Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.

5.4

CVE-2023-25040

  • EPSS 0.1%
  • Veröffentlicht 30.03.2023 12:15:07
  • Zuletzt bearbeitet 21.11.2024 07:48:58

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.

6.5

CVE-2023-0911

Exploit
  • EPSS 0.3%
  • Veröffentlicht 20.03.2023 16:15:12
  • Zuletzt bearbeitet 25.02.2025 21:15:10

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except t...

6.5

CVE-2023-0890

Exploit
  • EPSS 0.3%
  • Veröffentlicht 20.03.2023 16:15:12
  • Zuletzt bearbeitet 21.11.2024 07:38:02

The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated user...