cleantalk
Vulnerabilities and Security Researches

Ruven Themes: Shortcodes, CVE-2025-7648

CVE, Research URL

CVE-2025-7648

Home page URL

Security reports for Ruven Themes: Shortcodes

Application

Ruven Themes: Shortcodes

Published on
Jul 18, 2025
Research Description
The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.0.
Status
vulnerable
Previous vulnerability researches
Animator – Scroll Triggered Animations (cf0d6ce4149212cae4de5df9898160e72ee42fbb) , Jun 07, 2024
Animator – Scroll Triggered Animations (CVE-2024-49308) , Oct 19, 2024
Animator – Scroll Triggered Animations (CVE-2023-47689) , Jun 10, 2024
Animator – Scroll Triggered Animations (CVE-2025-54039) , Jul 18, 2025
New vulnerability
Stop User Enumeration (CVE-2025-4302) , Jul 19, 2025
WP Pipes (CVE-2025-28982) , Jul 19, 2025
LightBox Block (CVE-2025-54051) , Jul 19, 2025
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal (CVE-2025-6043) , Jul 19, 2025
Ruven Themes: Shortcodes (CVE-2025-7648) , Jul 19, 2025