VYPR

Remote Content Shortcode

by WordPress

CVEs (4)

  • CVE-2024-2090MedAug 1, 2024
    risk 0.42cvss 6.4epss 0.00

    The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web…

  • CVE-2023-45652MedMay 17, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5.

  • CVE-2024-2089MedMay 30, 2024
    risk 0.35cvss 5.4epss 0.00

    The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2023-0273MedMar 20, 2023
    risk 0.35cvss 5.4epss 0.00

    The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…