cleantalk
Vulnerabilities and Security Researches

JSFiddle Shortcode, CVE-2024-10818

CVE, Research URL

CVE-2024-10818

Home page URL

Security reports for JSFiddle Shortcode

Application

JSFiddle Shortcode

Published on
May 16, 2025
Research Description
The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.1.3.
Status
vulnerable
Previous vulnerability researches
SB Chart block (CVE-2025-3661) , Apr 20, 2025
New vulnerability
HD Quiz (CVE-2024-13383) , May 17, 2025
AffiliateImporterEb (CVE-2024-12733) , May 17, 2025
AffiliateImporterEb (CVE-2024-12732) , May 17, 2025
Broadstreet (CVE-2025-48113) , May 17, 2025
Prisna GWT – Google Website Translator (CVE-2024-12679) , May 17, 2025