Shortcodes Ultimate

Vova

Developer

7.4.7

Latest version

400,000

Installations

3 days ago

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Vulnerability history

0 present

27 fixed

5 Mitigation rules

Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link vulnerability
<= 7.4.2
Jul 22, 2025
Cross-Site Request Forgery to Arbitrary Shortcode Execution vulnerability
<= 7.4.2
Jul 21, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes vulnerability
<= 7.4.2
Jul 21, 2025
Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute vulnerability
<= 7.4.0
Jul 3, 2025
Cross Site Scripting (XSS) Vulnerability
<= 7.3.5
Jun 5, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter vulnerability
<= 7.3.3
Mar 4, 2025
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
<= 7.2.2
Oct 23, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode vulnerability
<= 7.1.6
Jun 5, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode vulnerability
<= 7.1.5
May 21, 2024
Contributor+ Stored XSS vulnerability
< 7.1.2
May 15, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 7.1.2
Apr 30, 2024
Contributor+ Stored XSS vulnerability
< 7.1.0
Apr 26, 2024
Contributor+ Stored XSS vulnerability
< 7.0.5
Apr 15, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode vulnerability
<= 7.0.3
Feb 28, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode vulnerability
<= 7.0.2
Feb 20, 2024
Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode vulnerability
<= 7.0.1
Feb 8, 2024
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 7.0.0
Dec 18, 2023
Insecure Direct Object Reference to Information Disclosure vulnerability
<= 5.13.3
Nov 28, 2023
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 5.13.3
Nov 28, 2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 5.13.0
Jul 18, 2023
Subscriber+ User Meta Disclosure vulnerability
< 5.12.8
Mar 6, 2023
Server Side Request Forgery (SSRF) vulnerability
<= 5.12.6
Feb 10, 2023
Arbitrary File Download vulnerability
<= 5.12.6
Feb 10, 2023
Cross Site Scripting (XSS) vulnerability
<= 5.12.6
Feb 10, 2023
CSRF vulnerability leading to Stored XSS
<= 5.12.0
Oct 13, 2022
Cross-Site Request Forgery (CSRF) vulnerability
<= 5.12.0
Oct 2, 2022
Stored Cross-Site Scripting (XSS) vulnerability
<= 5.10.1
Aug 23, 2021