Headline
CVE-2022-41136: WordPress Shortcodes Ultimate plugin <= 5.12.0 - CSRF vulnerability leading to Stored XSS - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin’s Shortcodes Ultimate plugin <= 5.12.0 on WordPress.
Verified
Fixed
6.1
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 5.12.0
PSID
42eec00642ac
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-10-13
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Dave Jong (Patchstack) in WordPress Shortcodes Ultimate plugin (versions <= 5.12.0).
Solution
Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.12.1).
References