CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2025-7354 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Plugin Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...

WordPress plugin Shortcodes Ultimate 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site request...

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-30244 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate versions prior to 7.4.2 Description: The WordPress Shortcodes Ultimate plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the preview function. This...

PT-2025-30243 · WordPress · Shortcodes Ultimate

Name of the Vulnerable Software and Affected Versions: WP Shortcodes Plugin — Shortcodes Ultimate versions prior to 7.4.3 Description: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s shortcodes. Insufficient...

CVE-2025-7648 Ruven Themes: Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruvenbutton' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-7648

CVE-2025-7648 affects Ruven Themes: Shortcodes for WordPress. The stored XSS exists in the ruven_button shortcode in versions up to 1.0 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access can inject script that executes for users loa...

WordPress plugin Ruven Themes: Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

PT-2025-29992 · WordPress · Shortcodes

Name of the Vulnerable Software and Affected Versions: Ruven Themes: Shortcodes plugin for WordPress versions prior to 1.0 Description: The plugin is susceptible to Stored Cross-Site Scripting through the ruven button shortcode due to inadequate input sanitization and output escaping of...

CVE-2025-7035

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mlatagcloud and mlatermlist shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2025-29209 · WordPress · Geodirectory

Name of the Vulnerable Software and Affected Versions: GeoDirectory WordPress plugin versions prior to 2.8.120 Description: The GeoDirectory WordPress plugin does not validate or escape certain shortcode attributes before displaying them within a page or post. This could allow users with...

CVE-2025-5567

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2025-5567

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2025-5567

CVE-2025-5567 affects the WordPress plugin "WP Shortcodes Plugin — Shortcodes Ultimate" up to version 7.4.0. The root cause is insufficient input sanitization and output escaping for the DOM data-url attribute, enabling stored Cross-Site Scripting. An authenticated attacker with Contributor-level...

CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

WordPress plugin Shortcodes Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...