Log out
Get PRO

Latest

Input validation vulnerability in WordPress Shortcodes Plugin — Shortcodes Ultimate 4.9.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: May 5, 2015

The WordPress Shortcodes Plugin, also known as Shortcodes Ultimate, is vulnerable to a type of attack called Reflected Cross-Site Scripting in versions up to 4.9.3. This type of attack occurs when malicious scripts can be injected into webpages, such as clicking on a link, without the user’s authentication or knowledge. If this happens, the scripts can be executed, allowing the attacker to gain access to the user’s information and potentially take control of the device. To prevent this from happening, it is important to make sure all input is sanitized and all output is escaped.

Detected in:

WordPress Shortcodes Plugin — Shortcodes Ultimate fixed vulnerable versions: >= * <= 4.9.3
WP Shortcodes Plugin — Shortcodes Ultimate fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.