PT-2024-21146 · WordPress · Wp Shortcodes Plugin

Dmitry Ignatyev · Published 2024-03-26 · Updated 2025-05-12 · CVE-2024-2583

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP Shortcodes Plugin versions prior to 7.0.5

Description

The issue arises from the improper escaping of some shortcode attributes, which can be exploited by users with the contributor role to conduct Stored XSS attacks. This affects over 600,000 WordPress sites, potentially allowing attackers to seize control by exploiting the Stored XSS vulnerability.

Recommendations

For versions prior to 7.0.5, upgrade the plugin to the latest version to mitigate the risk. As a temporary workaround, consider restricting the contributor role's access to the plugin's shortcodes until the issue is resolved. Conduct a thorough security audit to identify any potential exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-2583

Affected Products: Wp Shortcodes Plugin