Getshortcodes Shortcodes_ultimate
25 CVEs affecting Getshortcodes Shortcodes_ultimate. Latest disclosed: 2025-07-04. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-18580 | Critical | 9.8 | 2019-08-22 | The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. |
CVE-2023-23800 | High | 7.1 | 2023-11-13 | Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcode… |
CVE-2023-25040 | Medium | 6.5 | 2023-03-30 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 version… |
CVE-2023-0911 | Medium | 6.5 | 2023-03-20 | The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, al… |
CVE-2023-0890 | Medium | 6.5 | 2023-03-20 | The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already… |
CVE-2025-5567 | Medium | 6.4 | 2025-07-04 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in al… |
CVE-2024-4821 | Medium | 6.4 | 2024-06-05 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all… |
CVE-2024-4553 | Medium | 6.4 | 2024-05-21 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all… |
CVE-2024-3550 | Medium | 6.4 | 2024-05-02 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions… |
CVE-2024-0792 | Medium | 6.4 | 2024-02-29 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions… |
CVE-2024-1808 | Medium | 6.4 | 2024-02-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all… |
CVE-2024-1510 | Medium | 6.4 | 2024-02-20 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all v… |
CVE-2023-6225 | Medium | 6.4 | 2023-11-28 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined wi… |
CVE-2024-3188 | Medium | 6.3 | 2024-04-26 | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting th… |
CVE-2024-3548 | Medium | 6.1 | 2024-05-15 | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, le… |
CVE-2022-41136 | Medium | 6.1 | 2022-11-08 | Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on Word… |
CVE-2024-8500 | Medium | 5.4 | 2024-10-23 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up… |
CVE-2024-6766 | Medium | 5.4 | 2024-08-06 | The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/p… |
CVE-2024-2583 | Medium | 5.4 | 2024-04-13 | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed… |
CVE-2023-6488 | Medium | 5.4 | 2023-12-19 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', an… |