← volver
CVE-2024-2583

Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS

CVSS 5.4 MEDIUMEPSS 0.4%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 abr 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N