During the evaluation of the TJ Shortcodes plugin, a critical vulnerability was identified that permits the execution of Stored Cross-Site Scripting (XSS) attacks. This flaw enables an attacker to inject malicious scripts through a shortcode, posing a risk of account takeover.