Skip to main content

Rescue Shortcodes

4 CVEs product

Monthly

CVE-2025-62110 MEDIUM This Month

Stored cross-site scripting (XSS) in Rescue Shortcodes WordPress plugin versions through 3.3 allows authenticated users with limited privileges to inject malicious scripts that execute in the context of other users' browsers, potentially compromising site administrators and other high-privilege accounts. Attack requires user interaction (UI:R) but affects the entire scope of the application (S:C), enabling privilege escalation and data theft with moderate impact.

XSS Rescue Shortcodes
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-11199 MEDIUM PATCH This Month

The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rescue Shortcodes
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-9696 MEDIUM PATCH This Month

The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rescue Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-41728 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rescue Shortcodes
NVD
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored cross-site scripting (XSS) in Rescue Shortcodes WordPress plugin versions through 3.3 allows authenticated users with limited privileges to inject malicious scripts that execute in the context of other users' browsers, potentially compromising site administrators and other high-privilege accounts. Attack requires user interaction (UI:R) but affects the entire scope of the application (S:C), enabling privilege escalation and data theft with moderate impact.

XSS Rescue Shortcodes
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rescue Shortcodes
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Rescue Shortcodes
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rescue Shortcodes
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy