Getshortcodes Shortcodes Ultimate — known CVE vulnerabilities
Every CVE whose affected-product data names Getshortcodes Shortcodes Ultimate, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2017-18580 — CVSS 9.8 (critical): The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
CVE-2023-0890 — CVSS 6.5 (medium): The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some…
CVE-2023-0911 — CVSS 6.5 (medium): The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via…
CVE-2025-5567 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM…
CVE-2023-6225 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta…
CVE-2024-0792 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-1510 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-1808 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-3550 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-4553 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-4821 — CVSS 6.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-3188 — CVSS 6.3 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode…
CVE-2024-3548 — CVSS 6.1 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting…
CVE-2022-41136 — CVSS 6.1 (medium): Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate…
CVE-2024-8500 — CVSS 5.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several…
CVE-2024-2583 — CVSS 5.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes…
CVE-2021-24525 — CVSS 5.4 (medium): The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes…
CVE-2024-6766 — CVSS 5.4 (medium): The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting…
CVE-2023-6488 — CVSS 5.4 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2022-38086 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings…
CVE-2017-2245 — CVSS 5.0 (medium): Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via…
CVE-2024-4217 — CVSS 4.7 (medium): The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for…
CVE-2023-6226 — CVSS 4.3 (medium): The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up…