cleantalk
Vulnerabilities and Security Researches

Memberlite Shortcodes, c35d1c7ca3f51b7af6a1ca01d23fd36f0cf6fff8

CVE, Research URL

c35d1c7ca3f51b7af6a1ca01d23fd36f0cf6fff8

Home page URL

Security reports for Memberlite Shortcodes

Application

Memberlite Shortcodes

Published on
Sep 21, 2023
Research Description
Memberlite Shortcodes [memberlite-shortcodes] < 1.3.9 Memberlite Shortcodes <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.3.9.
Status
vulnerable
Previous vulnerability researches
Memberlite Shortcodes (CVE-2023-5237) , Jun 07, 2024
Memberlite Shortcodes (c35d1c7ca3f51b7af6a1ca01d23fd36f0cf6fff8) , Jun 07, 2024
Memberlite Shortcodes (CVE-2025-48087) , Nov 10, 2025
Memberlite Shortcodes (CVE-2024-11227) , Nov 25, 2024
Memberlite Shortcodes (CVE-2025-10125) , Oct 11, 2025
New vulnerability
WP Geo (CVE-2025-62904) , Nov 11, 2025
Emails Catch All (CVE-2025-60041) , Nov 11, 2025
SH Contextual Help (CVE-2025-12410) , Nov 11, 2025
Document Embedder (CVE-2025-12384) , Nov 11, 2025
WP VR &#8211; 360 Panorama and Virtual Tour Builder For WordPress (CVE-2025-12005) , Nov 11, 2025