Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
post shortcode project post shortcode vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0364
The real.Kit WordPress plugin prior to 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting a...
Real.kit Project Real.kit
5.4
CVSSv3
CVE-2023-0489
The SlideOnline WordPress plugin up to and including 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Si...
Slideonline Project Sideonline
5.4
CVSSv3
CVE-2022-4786
The Video.js WordPress plugin up to and including 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Video.js Project Video.js
5.4
CVSSv3
CVE-2022-4580
The Twenty20 Image Before-After WordPress plugin up to and including 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform...
Twenty20 Project Twenty20
5.4
CVSSv3
CVE-2023-0270
The YaMaps for WordPress Plugin WordPress plugin prior to 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr...
Yamaps Project Yamaps
5.4
CVSSv3
CVE-2022-4777
The Bootstrap Shortcodes WordPress plugin up to and including 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
Bootstrap Shortcodes Project Bootstrap Shortcodes
5.4
CVSSv3
CVE-2022-4788
The Embed PDF WordPress plugin up to and including 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
Embed Pdf Project Embed Pdf
5.4
CVSSv3
CVE-2022-4670
The PDF.js Viewer WordPress plugin prior to 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Script...
Pdf.js Viewer Project Pdf.js Viewer
5.4
CVSSv3
CVE-2023-0067
The Timed Content WordPress plugin prior to 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
Timed Content Project Timed Content
5.4
CVSSv3
CVE-2023-0146
The Naver Map WordPress plugin up to and including 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
Naver Map Project Naver Map
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »