VYPR

shortcodes-ultimate-pro

by WordPress

CVEs (2)

  • CVE-2024-6766MedAug 6, 2024
    risk 0.35cvss 5.4epss 0.00

    The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…

  • CVE-2024-4217MedJul 13, 2024
    risk 0.31cvss 4.7epss 0.00

    The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.