cleantalk
Vulnerabilities and Security Researches

WP Shortcodes Plugin — Shortcodes Ultimate, CVE-2024-2583

CVE, Research URL

CVE-2024-2583

Home page URL

Security reports for WP Shortcodes Plugin — Shortcodes Ultimate

Application

WP Shortcodes Plugin — Shortcodes Ultimate

Published on
Apr 13, 2024
Research Description
The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
Affected versions
Min -, max 7.0.5.
Status
vulnerable
Previous vulnerability researches
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2024-8500) , Oct 23, 2024
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-0370) , Mar 05, 2025
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2025-5567) , Jul 05, 2025
WP Shortcodes Plugin — Shortcodes Ultimate , Jul 24, 2024
WP Shortcodes Plugin — Shortcodes Ultimate (CVE-2022-41136) , Jun 07, 2024
New vulnerability
Video Blogster Lite (CVE-2025-47689) , Jul 26, 2025
WP Wallcreeper (CVE-2025-7822) , Jul 26, 2025
Supreme Addons for Beaver Builder – (CVE-2025-3669) , Jul 25, 2025
WP Get The Table (CVE-2025-6387) , Jul 25, 2025
ElementsKit Elementor addons (CVE-2025-3614) , Jul 25, 2025