Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
post shortcode project post shortcode vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0526
The Post Shortcode WordPress plugin up to and including 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross...
Post Shortcode Project Post Shortcode
4
CVSSv2
CVE-2021-24819
The Page/Post Content Shortcode WordPress plugin up to and including 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts cre...
Page\\/post Content Shortcode Project Page\\/post Content Shortcode
NA
CVE-2023-0395
The menu shortcode WordPress plugin up to and including 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripti...
Menu Shortcode Project Menu Shortcode
NA
CVE-2023-0273
The Custom Content Shortcode WordPress plugin up to and including 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St...
Custom Content Shortcode Project Custom Content Shortcode
4
CVSSv2
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin prior to 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination wi...
Custom Content Shortcode Project Custom Content Shortcode
NA
CVE-2022-4761
The Post Views Count WordPress plugin up to and including 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cro...
Post Views Count Project Post Views Count
3.5
CVSSv2
CVE-2021-24855
The Display Post Metadata WordPress plugin prior to 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Display Post Metadata Project Display Post Metadata
NA
CVE-2023-5708
The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Wp Post Columns Project Wp Post Columns
NA
CVE-2023-0075
The Amazon JS WordPress plugin up to and including 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site ...
Amazonjs Project Amazonjs
NA
CVE-2023-0364
The real.Kit WordPress plugin prior to 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting a...
Real.kit Project Real.kit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »