CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45643 – WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45643
12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Anurag Deshmukh CPT Shortcode Generator en versiones <= 1.0. The CPT Shortcode Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45644 – WordPress CPT Shortcode Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-45644
12 Oct 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Anurag Deshmukh CPT Shortcode Generator en versiones <= 1.0. The CPT Shortcode Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in versions up to, and including, 1.0 due to insufficient input sanitization and output e... • https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •