CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47231 – WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47231
03 Nov 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Autenticada (con permisos de colaboradores o superiores) Almacenada en el complemento Bainternet ShortCodes UI en versiones <= 1.9.8. The ShortCodes UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output es... • https://patchstack.com/database/vulnerability/shortcodes-ui/wordpress-shortcodes-ui-plugin-1-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44994 – WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-44994
03 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Bainternet ShortCodes UI en versiones <= 1.9.8. The ShortCodes UI plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forg... • https://patchstack.com/database/vulnerability/shortcodes-ui/wordpress-shortcodes-ui-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •