CVE-2024-3512

Rejected reason: **DUPLICATE*** Please use CVE-2024-2583 instead.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

25 Apr 2024, 13:15

Type	Values Removed	Values Added
Summary	(es) El complemento WP Shortcodes Plugin — Shortcodes Ultimate para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del código abreviado 'note_color' del complemento en todas las versiones hasta la 7.0.4 incluida debido a una sanitización de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada.
Summary	(en) The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	(en) Rejected reason: DUPLICATE* Please use CVE-2024-2583 instead.
CVSS	v2 : ~~unknown~~ v3 : ~~6.4~~	v2 : unknown v3 : unknown
References	{'url': 'https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056732%40shortcodes-ultimate&new=3056732%40shortcodes-ultimate&sfp_email=&sfph_mail=', 'source': 'security@wordfence.com'} ~~{'url': 'https://research.cleantalk.org/cve-2024-2583/', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://wpscan.com/vulnerability/98d8c713-e8cd-4fad-a8fb-7a40db2742a2/', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/1bae6d3a-40eb-4af6-be4e-9bc6be1a4b07?source=cve', 'source': 'security@wordfence.com'}~~

09 Apr 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 19:15

Updated : 2024-04-25 13:15

NVD link : CVE-2024-3512

Mitre link : CVE-2024-3512

CVE.ORG link : CVE-2024-3512

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-3512

Attach tags to `CVE-2024-3512`