Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Shortcodes_ultimate
(Getshortcodes)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-20 | CVE-2021-24525 | The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). | Shortcodes_ultimate | 5.4 | ||
| 2017-07-07 | CVE-2017-2245 | Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | Shortcodes_ultimate | N/A | ||
| 2019-08-22 | CVE-2017-18580 | The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. | Shortcodes_ultimate | 9.8 |