Vulnerabilities > Getshortcodes > Shortcodes Ultimate
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-38086 | Cross-Site Request Forgery (CSRF) vulnerability in Getshortcodes Shortcodes Ultimate Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. | 4.3 |
| 2021-09-20 | CVE-2021-24525 | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. | 3.5 |
| 2019-08-22 | CVE-2017-18580 | Improper Input Validation vulnerability in Getshortcodes Shortcodes Ultimate The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. | 7.5 |
| 2017-07-07 | CVE-2017-2245 | Path Traversal vulnerability in Getshortcodes Shortcodes Ultimate Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | 4.0 |