CVE-2025-13448
CVE-2025-13448: CSSIgniter Shortcodes for WordPress is vulnerable to Stored XSS via the element shortcode attribute in versions up to 2.4.1. Exploitation requires Contributor+ access; an attacker can inject scripts on pages viewed by users. Wordfence has patched the issue in 2.4.1—update to 2.4.1...