Shortcodes Ultimate

shortcodes_ultimate

Vendor: Getshortcodes • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-41136 1Getshortcodes 1Shortcodes Ultimate Nov 21, 2024 Nov 8, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
CVE-2022-38086 1Getshortcodes 1Shortcodes Ultimate Nov 21, 2024 Oct 11, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.
CVE-2021-24525 1Getshortcodes 1Shortcodes Ultimate Nov 21, 2024 Sep 20, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do...Show more The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).Show less
CVE-2017-18580 1Getshortcodes 1Shortcodes Ultimate Nov 21, 2024 Aug 22, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
CVE-2017-2245 1Getshortcodes 1Shortcodes Ultimate May 13, 2026 Jul 7, 2017 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.

Previous 12