Vulnerabilities and security researches formeks-flexible-shortcodes meks-flexible-shortcodes

Jun 07, 2024

CVE, Research URL: CVE-2022-4562
Home page URL: Security reports for Meks Flexible Shortcodes
Application: Meks Flexible Shortcodes
Date: Feb 13, 2023
Research Description: The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47621
Home page URL: Security reports for Meks Flexible Shortcodes
Application: Meks Flexible Shortcodes
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes allows Stored XSS. This issue affects Meks Flexible Shortcodes: from n/a through 1.3.6.
Affected versions: Min -, max -.
Status: vulnerable