CVE-2024-10226
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
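An added audit sketch, not code from the plugin or from the advisory: it scans exported post content for `box` shortcode tags whose attribute values contain HTML-significant characters, so that posts written on a site running 2.1.13 or earlier can be reviewed. The post IDs, contents and attribute names in the sample are constructed, and the `tag` parameter is a hypothetical knob for sites that register the shortcode under another name.

```python
import re

# Characters that are safe inside a shortcode attribute value only if the
# handler escapes them on output (esc_attr / esc_html in WordPress).
HTML_SIGNIFICANT = set("<>\"'`")

# name="v" | name='v' | name=v : the quoting forms WordPress shortcodes accept.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s'"\]]+))""")


def parse_attrs(raw):
    """Return {name: value} for the attribute text of one opening shortcode tag."""
    attrs = {}
    for m in ATTR_RE.finditer(raw or ""):
        # Exactly one of the three value groups matched; "" is a valid value.
        value = next(g for g in m.groups()[1:] if g is not None)
        attrs[m.group(1).lower()] = value
    return attrs


def audit_posts(posts, tag="box"):
    """Flag (post_id, attribute, value) where a value needs output escaping.

    posts: iterable of (post_id, post_content) pairs, e.g. from a DB export.
    """
    # Opening tag only; "[boxes" and "[/box]" do not match.
    tag_re = re.compile(r"\[" + re.escape(tag) + r"(\s[^\]]*)?\]")
    findings = []
    for post_id, content in posts:
        for m in tag_re.finditer(content):
            for name, value in parse_attrs(m.group(1)).items():
                if HTML_SIGNIFICANT & set(value):
                    findings.append((post_id, name, value))
    return findings


# Constructed sample content (not taken from the advisory).
SAMPLE_POSTS = [
    (101, '[box style="rounded" color="blue"]Shipping update[/box]'),
    (102, "[box title='12\" monitor']Spec sheet[/box]"),
    (103, '[box style="<em>rounded</em>"]Text[/box]'),
    (104, '[boxes style="<b>"]a different shortcode[/boxes]'),
]

if __name__ == "__main__":
    for post_id, name, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} has value {value!r}")
```

A hit is a prompt for manual review of that post and its author, not proof of injection; legitimate values such as the inch mark in post 102 are flagged too.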
<p>With this plugin you can easily add various kinds of styled boxes, buttons, tabs, accordions, unordered lists, columns and more.<br />
New in version 2.0, the box, button, list and tab shortcodes support custom <a href="http://fontawesome.github.io/Font-Awesome/" rel="nofollow ugc">FontAwesome</a> icons for a flexible display.</p>
<h4>Features</h4>
<ul>
<li>6 style shortcodes (accordions, boxes, tabs, toggles, etc…)</li>
<li>6 utility shortcodes (login-logout, highlight, etc…)</li>
<li>Shortcodes for up to 5 column display</li>
<li><a href="http://fontawesome.github.io/Font-Awesome/" rel="nofollow ugc">FontAwesome</a> support for boxes, buttons, lists, and tabs gives your interactive elements that extra pop</li>
<li>Responsive shortcode design to fit any screen</li>
<li>Has a Compatibility Mode available to help prevent shortcode name conflicts</li>
</ul>
<p><a href="http://demo.arconixpc.com/arconix-shortcodes" rel="nofollow ugc">Live Demo</a><br />
<a href="https://www.tychesoftwares.com/docs/docs/shortcodes/" rel="nofollow ugc">Documentation</a></p>