cleantalk
Vulnerabilities and Security Researches

Ruven Themes: Shortcodes, CVE-2025-7648

CVE, Research URL

CVE-2025-7648

Home page URL

Security reports for Ruven Themes: Shortcodes

Application

Ruven Themes: Shortcodes

Published on
Jul 18, 2025
Research Description
The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.0.
Status
vulnerable
Previous vulnerability researches
FluentSnippets – The High-Performance file based Custom Code Snippet Plugin (CVE-2025-54010) , Jul 18, 2025
New vulnerability
Stop User Enumeration (CVE-2025-4302) , Jul 19, 2025
WP Pipes (CVE-2025-28982) , Jul 19, 2025
LightBox Block (CVE-2025-54051) , Jul 19, 2025
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (CVE-2025-6043) , Jul 19, 2025
Ruven Themes: Shortcodes (CVE-2025-7648) , Jul 19, 2025