Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getshortcodes shortcodes ultimate vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-6488
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insuff...
Getshortcodes Shortcodes Ultimate
6.5
CVSSv3
CVE-2023-0890
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber t...
Getshortcodes Shortcodes Ultimate
6.5
CVSSv3
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as...
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2023-6225
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and outp...
Getshortcodes Shortcodes Ultimate
4.3
CVSSv3
CVE-2023-6226
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_...
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2023-25040
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.
Getshortcodes Shortcodes Ultimate
8.8
CVSSv3
CVE-2022-41136
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
Getshortcodes Shortcodes Ultimate
9.8
CVSSv3
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
6.5
CVSSv3
CVE-2023-23800
Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a up to and including 5.12.6.
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2021-24525
The Shortcodes Ultimate WordPress plugin prior to 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attribut...
Getshortcodes Shortcodes Ultimate
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »