Cmorillas1

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Cmorillas1 product.

RSS Feeds for Cmorillas1 security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Cmorillas1 products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Cmorillas1 Sorted by Most Security Vulnerabilities since 2018

Cmorillas1 Shortcodes Blocks Creator Ultimate2 vulnerabilities

Cmorillas1 External Database Based Actions1 vulnerability

Cmorillas1 Ultimate Shortcodes Creator1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Cmorillas1. Cmorillas1 did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	5	6.53

It may take a day or so for new Cmorillas1 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cmorillas1 Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2024-54264	Dec 13, 2024	Shortcodes Blocks Creator Ultimate 2.2.0 Reflected XSS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cmorillas1 Shortcodes Blocks Creator Ultimate ultimate-shortcodes-creator allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through <= 2.2.0.	Ultimate Shortcodes Creator
CVE-2024-12167	Dec 07, 2024	WordPress Shortcodes Blocks Creator Ultimate Plugin Reflected XSS Vulnerability The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.	Shortcodes Blocks Creator Ultimate
CVE-2024-12166	Dec 07, 2024	WordPress Shortcodes Blocks Creator Ultimate Plugin Reflected XSS Vulnerability The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2024-54264 may be a duplicate of this.	Shortcodes Blocks Creator Ultimate
CVE-2024-10311	Nov 15, 2024	WordPress External Database Based Actions Plugin Authentication Bypass Vulnerability The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.	External Database Based Actions
CVE-2024-10340	Nov 05, 2024	Shortcodes Blocks Creator Ultimate XSS in 2.1.3 The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.