CVE-2024-4542

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3548. Reason: This candidate was issued in error. Please use CVE-2024-3548 instead.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

16 May 2024, 14:15

Type	Values Removed	Values Added
References	{'url': 'https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3069892%40shortcodes-ultimate%2Ftrunk&old=3064679%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=', 'source': 'security@wordfence.com'} ~~{'url': 'https://research.cleantalk.org/cve-2024-3548/', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9be18d8/', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/71564eec-426a-46fa-b614-388bebae6ebd?source=cve', 'source': 'security@wordfence.com'}~~
CVSS	v2 : ~~unknown~~ v3 : ~~6.4~~	v2 : unknown v3 : unknown
Summary	(en) The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	(en) Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-3548. Reason: This candidate was issued in error. Please use CVE-2024-3548 instead.

14 May 2024, 15:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:44

Updated : 2024-05-16 14:15

NVD link : CVE-2024-4542

Mitre link : CVE-2024-4542

CVE.ORG link : CVE-2024-4542

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-4542

Attach tags to `CVE-2024-4542`