CVE-2025-0370
CVE-2025-0370 refers to a stored XSS in the WordPress plug-in "WP Shortcodes Plugin — Shortcodes Ultimate" (versions up to 7.3.3). The root cause is insufficient input sanitization and output escaping in the src parameter, allowing authenticated attackers with Contributor+ privileges to inject sc...