Olevmedia Shortcodes

olevmedia_shortcodes

Vendor: Olevmedia • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-25798 1Olevmedia 1Olevmedia Shortcodes Jun 17, 2026 May 3, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions.
CVE-2023-0168 1Olevmedia 1Olevmedia Shortcodes Jun 17, 2026 Feb 27, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with...Show more The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2015-9421 1Olevmedia 1Olevmedia Shortcodes Nov 21, 2024 Sep 26, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=omsc_popup id parameter.