Every CVE whose affected-product data names Custom Content Shortcode Project Custom Content Shortcode, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-0340 — CVSS 8.8 (high): The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with…
CVE-2021-24826 — CVSS 5.4 (medium): The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow…
CVE-2023-0273 — CVSS 5.4 (medium): The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting…
CVE-2021-24824 — CVSS 4.3 (medium): The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as…
CVE-2021-24825 — CVSS 4.3 (medium): The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow…