VYPR

Shortcodes Ultimate

by Getshortcodes

Source repositories

CVEs (18)

  • CVE-2023-23800HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.

  • CVE-2026-0738MedApr 4, 2026
    risk 0.42cvss 6.4epss 0.00

    The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, and including, 7.4.8. This is due to insufficient input sanitization and output escaping in the 'su_slide_link'…

  • CVE-2024-4821MedJun 5, 2024
    risk 0.42cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-3550MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.01

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-0792MedFeb 29, 2024
    risk 0.42cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes…

  • CVE-2023-6225MedNov 28, 2023
    risk 0.42cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output…

  • CVE-2026-3885MedApr 16, 2026
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2026-2480MedMar 31, 2026
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max_width' attribute of the `su_box` shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on…

  • CVE-2025-8015MedJul 22, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This…

  • CVE-2025-7354MedJul 21, 2025
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-4553MedMay 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-1808MedFeb 28, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-1510MedFeb 20, 2024
    risk 0.35cvss 6.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2023-6488MedDec 19, 2023
    risk 0.35cvss 5.4epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output…

  • CVE-2025-7369MedJul 21, 2025
    risk 0.33cvss 6.1epss 0.00

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated…

  • CVE-2017-2245MedJul 7, 2017
    risk 0.33cvss 5.0epss 0.03

    Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2023-6226MedNov 28, 2023
    risk 0.28cvss 4.3epss 0.01

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it…

  • CVE-2025-0370Mar 4, 2025
    risk 0.00cvss epss 0.30

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’ parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for…