Shortcodes Ultimate

Vova

Developer

7.5.3

Latest version

400,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

34 patched

5 Mitigation rules

Unauthenticated Reflected Cross-Site Scripting vulnerability
<= 7.3.3
01/05/2026
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode vulnerability
<= 7.4.9
15/04/2026
Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode vulnerability
<= 7.4.7
03/04/2026
authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode vulnerability
<= 7.4.8
03/04/2026
WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability
<= 7.4.10
01/04/2026
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability
<= 7.4.2
31/12/2025
Authenticated (Administrator+) Server-Side Request Forgery vulnerability
<= 7.4.5
31/12/2025
Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability
<= 7.4.2
22/07/2025
Cross-Site Request Forgery to Arbitrary Shortcode Execution vulnerability
<= 7.4.2
21/07/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes vulnerability
<= 7.4.2
21/07/2025
Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute vulnerability
<= 7.4.0
03/07/2025
Cross Site Scripting (XSS) Vulnerability
<= 7.3.5
05/06/2025
Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter vulnerability
<= 7.3.3
04/03/2025
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
<= 7.2.2
23/10/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode vulnerability
<= 7.1.6
05/06/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode vulnerability
<= 7.1.5
21/05/2024
Contributor+ Stored XSS vulnerability
< 7.1.2
15/05/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 7.1.2
30/04/2024
Contributor+ Stored XSS vulnerability
< 7.1.0
26/04/2024
Contributor+ Stored XSS vulnerability
< 7.0.5
15/04/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode vulnerability
<= 7.0.3
28/02/2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode vulnerability
<= 7.0.2
20/02/2024
Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode vulnerability
<= 7.0.1
08/02/2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 7.0.0
18/12/2023
Insecure Direct Object Reference to Information Disclosure vulnerability
<= 5.13.3
28/11/2023
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 5.13.3
28/11/2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 5.13.0
18/07/2023
Subscriber+ User Meta Disclosure vulnerability
< 5.12.8
06/03/2023
Server Side Request Forgery (SSRF) vulnerability
<= 5.12.6
10/02/2023
Arbitrary File Download vulnerability
<= 5.12.6
10/02/2023
Cross Site Scripting (XSS) vulnerability
<= 5.12.6
10/02/2023
CSRF vulnerability leading to Stored XSS
<= 5.12.0
13/10/2022
Cross-Site Request Forgery (CSRF) vulnerability
<= 5.12.0
02/10/2022
Stored Cross-Site Scripting (XSS) vulnerability
<= 5.10.1
23/08/2021