CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37121 – WordPress Shortcode Addons plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37121
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Shortcode Addons allows Stored XSS.This issue affects Shortcode Addons: from n/a through 3.2.5. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en biplob018 Shortcode Addons permiten XSS almacenado. Este problema afecta a los complementos de Shortcode Addons: desde n/a hasta 3.2.5. The Shortcode Addons- with Visua... • https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31114 – WordPress Shortcode Addons <= 3.2.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31114
29 Mar 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en complementos de código corto biplob018. Este problema afecta a los complementos de código corto: desde n/a hasta 3.2.5. The Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension plugin for WordPress is vulnerable to arbitrary file uploads due to missin... • https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-3-2-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33970 – WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability
https://notcve.org/view.php?id=CVE-2022-33970
25 Jul 2022 — Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress. Vulnerabilidad de cambio de opciones de WordPress autenticado en el plugin Biplob018 Shortcode Addons versiones anteriores a 3.1.2 incluyéndola, en WordPress The "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension" plugin for WordPress is vulnerable to arbitrary options update in versions up to, and including, 3.1.2. This makes it possible for authenticated attac... • https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-1-2-authenticated-wordpress-options-change-vulnerability • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34487 – WordPress Shortcode Addons plugin <= 3.0.2 - Unauthenticated Arbitrary Option Update vulnerability
https://notcve.org/view.php?id=CVE-2022-34487
30 Jun 2022 — Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. Una vulnerabilidad de actualización de opciones arbitrarias no autenticada en el plugin Shortcode Addons de biplob018 versiones anteriores a 3.0.2 incluyéndola, en WordPress The "Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension" plugin for WordPress is vulnerable to arbitrary options update in versions up to, and including, 3.0.2. This is due to improperly c... • https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-0-3-unauthenticated-arbitrary-option-update-vulnerability • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •