EUVD-2024-17533

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerability in Shortcodes Ultimate plugin allows Stored Cross-Site Scripting in versions up to 7.0.3

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-1808	28 Feb 202414:27	–	circl
CNNVD	WordPress Plugin WP Shortcodes Plugin Security Vulnerability	28 Feb 202400:00	–	cnnvd
CVE	CVE-2024-1808	28 Feb 202412:50	–	cve
Cvelist	CVE-2024-1808 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode	28 Feb 202412:50	–	cvelist
NVD	CVE-2024-1808	28 Feb 202413:15	–	nvd
OpenVAS	WordPress Shortcodes Ultimate Plugin < 7.0.4 - Contributor+ Stored XSS Vulnerability	13 Feb 202500:00	–	openvas
OSV	CVE-2024-1808	28 Feb 202413:15	–	osv
Patchstack	WordPress Shortcodes Ultimate Plugin <= 7.0.3 is vulnerable to Cross Site Scripting (XSS)	28 Feb 202400:00	–	patchstack
Prion	Cross site scripting	28 Feb 202413:15	–	prion
Positive Technologies	PT-2024-18324 · WordPress · Wp Shortcodes Plugin	28 Feb 202400:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "cadf42e3-cb47-3ca0-989d-fa9c8523771f",
        "vendor": {
          "name": "gn_themes"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "05600fed-6fd5-3019-94b2-66f7535410f4",
        "product": {
          "name": "WP Shortcodes Plugin — Shortcodes Ultimate"
        },
        "product_version": "* ≤7.0.3"
      },
      {
        "id": "c8b47856-c55a-37de-b288-572670eb8f07",
        "product": {
          "name": "WP Shortcodes Plugin — Shortcodes Ultimate"
        }
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/96769a0e-d4a9-4196-8ded-b600046c0943
plugins	www.plugins.trac.wordpress.org/changeset/3041647/shortcodes-ultimate

03 Oct 2025 20:07Current

7.2High risk

Vulners AI Score7.2

CVSS 3.15.4 - 6.4

EPSS0.00168

SSVC