WordPress Plugin Vulnerabilities

WP Canvas - Shortcodes < 2.07 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Shortcodes by Angie Makes WordPress plugin was affected by a Shortcodes <= 2.05 - Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wc-shortcodes
Fixed in 2.07

References

URL
https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_in_wp_canvas___shortcodes_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Nov/116

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7abdbe42-792d-494e-b1f4-e66cca1098d4

Timeline

Publicly Published
2016-11-19 (about 9 years ago)
Added
2016-11-21 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-09-26
Title
Embed Any Document < 2.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-07
Title
Slotti Ajanvaraus < 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-12-01
Title
Nexter Extension < 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2023-10-18
Title
User Location and IP < 2.0 - Contributor+ Stored XSS
Published
2024-04-05
Title
Icegram Express < 5.7.16 - Authenticated (Administrator+) Cross-Site Scripting via CSV import