CVE-2025-5567

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

CVE-2025-5567

CVE-2025-5567 affects the WordPress plugin "WP Shortcodes Plugin — Shortcodes Ultimate" up to version 7.4.0. The root cause is insufficient input sanitization and output escaping for the DOM data-url attribute, enabling stored Cross-Site Scripting. An authenticated attacker with Contributor-level...

CVE-2025-5567 Shortcodes Ultimate <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...

WordPress Shortcodes Ultimate plugin <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute vulnerability

Authenticted Contributor+ Stored Cross-Site Scripting via 'data-url' Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Shortcodes Ultimate versions = 7.4.0...