Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getshortcodes shortcodes ultimate vulnerabilities and exploits
(subscribe to this query)
5
CVSSv3
CVE-2017-2245
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote malicious users to read arbitrary files via unspecified vectors.
Getshortcodes Shortcodes Ultimate
6.5
CVSSv3
CVE-2023-0911
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as...
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2023-25040
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.
Getshortcodes Shortcodes Ultimate
6.5
CVSSv3
CVE-2023-0890
The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin prior to 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber t...
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2021-24525
The Shortcodes Ultimate WordPress plugin prior to 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attribut...
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2023-6488
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insuff...
Getshortcodes Shortcodes Ultimate
4.3
CVSSv3
CVE-2022-38086
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.
Getshortcodes Shortcodes Ultimate
5.4
CVSSv3
CVE-2023-6225
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and outp...
Getshortcodes Shortcodes Ultimate
4.3
CVSSv3
CVE-2023-6226
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_...
Getshortcodes Shortcodes Ultimate
9.8
CVSSv3
CVE-2017-18580
The shortcodes-ultimate plugin prior to 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
Getshortcodes Shortcodes Ultimate
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »