CVSS 3.1 Score 6.4 of 10 (medium)


Published May 25, 2024
Updated: May 28, 2024


CVE-2024-5220 is a vulnerability affecting the ND Shortcodes plugin for WordPress in versions up to and including 7.5. It allows authenticated attackers with Author-level access and above to inject arbitrary web scripts through the plugin's upload feature, resulting in stored Cross-Site Scripting (XSS). The injected scripts can execute when a user accesses an injected page. The risk score for this vulnerability is 30, with a base severity of MEDIUM. Remediation involves updating the ND Shortcodes plugin to a version that includes sufficient input sanitization and output escaping. For organizations, the danger is that attackers can execute malicious scripts on web pages, potentially compromising user data or causing other detrimental effects.

