Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
post shortcode project post shortcode vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0526
The Post Shortcode WordPress plugin up to and including 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross...
Post Shortcode Project Post Shortcode
4.3
CVSSv3
CVE-2021-24819
The Page/Post Content Shortcode WordPress plugin up to and including 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts cre...
Page\\/post Content Shortcode Project Page\\/post Content Shortcode
5.4
CVSSv3
CVE-2023-0395
The menu shortcode WordPress plugin up to and including 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
Menu Shortcode Project Menu Shortcode
5.4
CVSSv3
CVE-2023-0273
The Custom Content Shortcode WordPress plugin up to and including 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St...
Custom Content Shortcode Project Custom Content Shortcode
4.3
CVSSv3
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin prior to 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination wi...
Custom Content Shortcode Project Custom Content Shortcode
5.4
CVSSv3
CVE-2022-4761
The Post Views Count WordPress plugin up to and including 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cro...
Post Views Count Project Post Views Count
5.4
CVSSv3
CVE-2021-24855
The Display Post Metadata WordPress plugin prior to 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Display Post Metadata Project Display Post Metadata
5.4
CVSSv3
CVE-2023-5708
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Wp Post Columns Project Wp Post Columns
5.4
CVSSv3
CVE-2022-4786
The Video.js WordPress plugin up to and including 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Video.js Project Video.js
5.4
CVSSv3
CVE-2023-0075
The Amazon JS WordPress plugin up to and including 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Amazonjs Project Amazonjs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »