CVE-2021-24525

Published: Sep 20, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute).

Vendor: Unknown

Product: WordPress Shortcodes Plugin — Shortcodes Ultimate

Versions: affected, 5.10.2 - < 5.10.2

Weaknesses (CWE)
