CVSS 3.1 Score 6.4 of 10 (medium)


Published Apr 9, 2024
Updated: Apr 10, 2024


CVE-2024-3512 is a vulnerability affecting the WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress. The vulnerability exists in all versions up to and including 7.0.4, allowing authenticated attackers with contributor-level access or higher to inject arbitrary web scripts using the 'note_color' shortcode. This stored cross-site scripting (XSS) attack occurs due to insufficient input sanitization and output escaping on user-supplied attributes. As a result, when a user accesses an injected page, the injected web scripts will execute. The vulnerability has a CVSS base score of 6.4 (medium severity) and poses a low risk in terms of integrity and confidentiality impacts. Remediation for this vulnerability involves updating the affected plugin to a version above 7.0.4 to address the issue and prevent potential exploitation by attackers.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-3512 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options