cleantalk
Vulnerabilities and Security Researches

WP Shortcodes Plugin — Shortcodes Ultimate, CVE-2025-49244

CVE, Research URL

CVE-2025-49244

Home page URL

Security reports for WP Shortcodes Plugin — Shortcodes Ultimate

Application

WP Shortcodes Plugin — Shortcodes Ultimate

Published on
Jun 06, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vova Shortcodes Ultimate shortcodes-ultimate allows Stored XSS.This issue affects Shortcodes Ultimate: from n/a through <= 7.3.5.
Affected versions
max 7.4.2.
Status
vulnerable
Previous vulnerability researches
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2024-32588) , Jun 07, 2024
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2024-31241) , Jun 07, 2024
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2023-30487) , Jun 07, 2024
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2025-60200) , Nov 10, 2025
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2025-49992) , Nov 10, 2025
New vulnerability
WP Munich Blocks &#8211; Gutenberg Blocks for WordPress (CVE-2023-33999) , Jun 13, 2026
Coinbase Commerce for Contact Form 7 (CVE-2023-33999) , Jun 13, 2026
Elementor Addons by Livemesh (CVE-2023-33999) , Jun 13, 2026
UltraAddons &#8211; Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Element (CVE-2023-33999) , Jun 13, 2026
Minimum and Maximum Quantity for WooCommerce (CVE-2023-33999) , Jun 13, 2026