WordPress Plugin Vulnerability Report – Shortcodes Ultimate – Authenticated (Contributor+) Stored Cross-Site Scripting & Insecure Direct Object Reference to Information Disclosure – CVE-2023-6225 & CVE-2023-6226

Plugin Name: Shortcodes Ultimate Key Information: Software Type: Plugin Software Slug: shortcodes-ultimate Software Status: Active Software Author: gn_themes Software Downloads: 17,874,399 Active Installs: 600,000 Last Updated: November 27, 2023 Patched Versions: 7.0.0 Affected Versions: <= 5.13.3 Vulnerability 1 Details: Name: WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 – Authenticated (Contributor+) Stored Cross-Site Scripting Title: Authenticated (Contributor+) Stored Cross-Site Scripting Type: Improper Neutralization of Input During Web…

Read More