The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-08-06T06:00:06.735Z

Updated: 2024-08-06T13:29:57.531Z

Reserved: 2024-07-15T19:31:39.134Z

Link: CVE-2024-6766

cve-icon Vulnrichment

Updated: 2024-08-06T13:29:01.268Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-06T06:15:36.047

Modified: 2024-08-06T16:30:24.547

Link: CVE-2024-6766

cve-icon Redhat

No data.