
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. The Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.12.0. This is due to missing or incorr... • https://patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Aug 2021 — The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). • https://wpscan.com/vulnerability/7f5659bd-50c3-4725-95f4-cf88812acf1c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2017 — The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. • https://wordpress.org/plugins/shortcodes-ultimate/#developers • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jun 2017 — Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. • http://www.securityfocus.com/bid/99495 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')