Home/Product/getshortcodes shortcodes ultimate
Product

getshortcodes shortcodes ultimate

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-5567
< 7.4.1
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url'
6.4MEDIUM
 CVE-2025-0370
< 7.3.4
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘src’
6.4MEDIUM
 CVE-2024-8500
< 7.3.0
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several pa
5.4MEDIUM
 CVE-2024-6766
< 7.2.1
The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before out
5.4MEDIUM
 CVE-2024-4217
< 7.1.5
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it pos
4.7MEDIUM
 CVE-2024-4821
< 7.1.7
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's s
6.4MEDIUM
 CVE-2024-4553
< 7.1.6
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '
6.4MEDIUM
 CVE-2024-3548
< 7.1.2
The WP Shortcodes Plugin, Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before output
6.1MEDIUM
 CVE-2024-3550
< 7.1.3
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's s
6.4MEDIUM
 CVE-2024-3188
< 7.1.0
The WP Shortcodes Plugin, Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode att
6.3MEDIUM
 CVE-2024-2583
< 7.0.5
The WP Shortcodes Plugin, Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attrib
5.4MEDIUM
 CVE-2024-0792
< 7.0.2
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's s
6.4MEDIUM
 CVE-2024-1808
< 7.0.4
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '
6.4MEDIUM
 CVE-2024-1510
< 7.0.3
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's s
6.4MEDIUM
 CVE-2023-6488
<= 7.0.0
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '
5.4MEDIUM
 CVE-2023-6226
< 7.0.0
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versio
4.3MEDIUM
 CVE-2023-6225
< 7.0.0
The WP Shortcodes Plugin, Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's s
6.4MEDIUM
 CVE-2023-23800
<= 5.12.6
Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin, Shortcodes Ultimate.This issue affects WP S
7.1HIGH
 CVE-2023-25040
< 5.12.7
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin, Shortcodes Ultim
6.5MEDIUM
 CVE-2023-0911
< 5.12.8
The WordPress Shortcodes Plugin, Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieve
6.5MEDIUM
 CVE-2023-0890
< 5.12.8
The WordPress Shortcodes Plugin, Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via
6.5MEDIUM
 CVE-2022-41136
<= 5.12.0
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ulti
6.1MEDIUM
 CVE-2022-38086
<= 5.12.0
Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset sett
5.4MEDIUM
 CVE-2021-24525
< 5.10.2
The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode att
5.4MEDIUM
 CVE-2017-18580
< 5.0.1
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcod
9.8CRITICAL
 CVE-2017-2245
<= 4.9.9
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files v
5.0MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh