2 matches found
WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability
Authenticated Author+ Stored Cross-Site Scripting via Image Title and Slide Link vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Shortcodes Ultimate versions = 7.4.2...
CVE-2025-8015
CVE-2025-8015 concerns the WordPress plugin “WP Shortcodes Plugin — Shortcodes Ultimate.” The vulnerability is a Stored Cross-Site Scripting (XSS) that arises from insufficient input sanitization and output escaping in image upload fields (Title and slide link). Affected versions include all up t...