WordPress Shortcodes Ultimate plugin <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
5.9
Fixed in Version 7.4.9

Timeline

Publicly Published
2026-04-03
Created
2026-04-03

WordPress Shortcodes Ultimate plugin <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.4.8

Timeline

Publicly Published
2026-04-03
Created
2026-04-03

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.5.0

Timeline

Publicly Published
2026-04-01
Created
2026-04-01

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
No Fix Available

Timeline

Publicly Published
2025-12-31
Created
2025-12-31

WordPress Shortcodes Ultimate plugin <= 7.4.5 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Server Side Request Forgery (SSRF)
Score:
5.5
Fixed in Version 7.4.6

Timeline

Publicly Published
2025-12-31
Created
2025-12-31

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
5.9
Fixed in Version 7.4.3

Timeline

Publicly Published
2025-07-22
Created
2025-07-22

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Request Forgery (CSRF)
Score:
4.3
Fixed in Version 7.4.3

Timeline

Publicly Published
2025-07-21
Created
2025-07-21

WordPress Shortcodes Ultimate plugin <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.4.3

Timeline

Publicly Published
2025-07-21
Created
2025-07-21

WordPress Shortcodes Ultimate plugin <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.4.1

Timeline

Publicly Published
2025-07-03
Created
2025-07-03

WordPress Shortcodes Ultimate plugin <= 7.3.5 - Cross Site Scripting (XSS) Vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.4.0

Timeline

Publicly Published
2025-06-05
Created
2025-06-04

WordPress WP Shortcodes Ultimate plugin <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.3.4

Timeline

Publicly Published
2025-03-04
Created
2025-03-04

WordPress WP Shortcodes Plugin — Shortcodes Ultimate plugin <= 7.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.3.0

Timeline

Publicly Published
2024-10-23
Created
2024-10-23

WordPress Shortcodes Ultimate plugin <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.1.7

Timeline

Publicly Published
2024-06-05
Created
2024-06-05

WordPress Shortcodes Ultimate plugin <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.1.6

Timeline

Publicly Published
2024-05-21
Created
2024-05-21

WordPress Shortcodes Ultimate plugin < 7.1.2 - Contributor+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.1.2

Timeline

Publicly Published
2024-05-15
Created
2024-05-15

WordPress Shortcodes Ultimate plugin <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.1.3

Timeline

Publicly Published
2024-04-30
Created
2024-04-30

WordPress Shortcodes Ultimate plugin < 7.1.0 - Contributor+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.1.0

Timeline

Publicly Published
2024-04-26
Created
2024-04-26

WordPress Shortcodes Ultimate plugin < 7.0.5 - Contributor+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.0.5

Timeline

Publicly Published
2024-04-15
Created
2024-04-15

WordPress WP Shortcodes Plugin — Shortcodes Ultimate plugin <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.0.4

Timeline

Publicly Published
2024-02-28
Created
2024-02-28

WordPress WP Shortcodes Ultimate plugin <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.0.3

Timeline

Publicly Published
2024-02-20
Created
2024-02-20

WordPress WP Shortcodes Plugin — Shortcodes Ultimate plugin <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.0.2

Timeline

Publicly Published
2024-02-08
Created
2024-02-08

Wordpress WP Shortcodes Plugin — Shortcodes Ultimate plugin <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.0.1

Timeline

Publicly Published
2023-12-18
Created
2023-12-18

Wordpress Shortcodes Ultimate plugin <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Insecure Direct Object References (IDOR)
Score:
4.3
Fixed in Version 7.0.0

Timeline

Publicly Published
2023-11-28
Created
2023-11-28

Wordpress Shortcodes Ultimate plugin <= 5.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 7.0.0

Timeline

Publicly Published
2023-11-28
Created
2023-11-28