getshortcodes shortcodes_ultimate CVE Vulnerabilities (25)

CVEs: 25 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting getshortcodes shortcodes_ultimate (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 2125 of 25 CVEs
«« First « Prev Page 2 / 2 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-41136 Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Vladimir Anokhin's Shortcodes Ultimate plugin <= 5.12.0 on WordPress. [email protected] 6.1 0.29% 2022-11-08 2026-06-17
CVE-2022-38086 Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change. [email protected] 5.4 0.29% 2022-10-11 2026-06-17
CVE-2021-24525 The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). [email protected] 5.4 0.60% 2021-09-20 2026-06-16
CVE-2017-18580 The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode. [email protected] 9.8 12.09% 2019-08-22 2026-06-16
CVE-2017-2245 Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. [email protected] 5.0 2.57% 2017-07-07 2026-06-16
«« First « Prev Page 2 / 2 Next »
cvelogic Threat Intelligence