Medium 6.1
2026-05-01< 7.3.4
CVE-2024-13362
WP Shortcodes Plugin — Shortcodes Ultimate
Minimum safe version
7.5.0
Update to 7.5.0 or later to address 40 fixable vulnerabilities
Latest available7.5.0 ✓⚠ 1 vulnerability has no fix
Medium 6.4
2026-04-16< 7.5.0
CVE-2026-3885
N/A
2026-04-03< 7.4.9
Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode
N/A
2026-04-03< 7.4.8
Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode
N/A
2026-03-31< 7.5.0
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute
Medium 6.4
2025-11-23< 7.4.6
CVE-2025-12800
Medium 6.4
2025-07-22< 7.4.3
Shortcodes Ultimate <= 7.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title and Slide Link
Medium 6.4
2025-07-21< 7.4.3
WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes
Medium 6.1
2025-07-21< 7.4.3
Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution
Medium 6.4
2025-07-04< 7.4.1
Shortcodes Ultimate <= 7.4.0 - Authenticted (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute
Medium 6.4 Unfixed
2025-07-03≤ 7.4.2
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library
Medium 6.5
2025-06-06< 7.4.0
CVE-2025-49244
Medium 6.4
2025-03-04< 7.3.4
WordPress Shortcodes Ultimate Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2024-10-23< 7.3.0
CVE-2024-8500
Medium 5.4
2024-06-05< 7.1.7
CVE-2024-4821
Medium 5.4
2024-05-21< 7.1.6
CVE-2024-4553
Medium 6.1
2024-05-15< 7.1.2
CVE-2024-3548
N/A
2024-05-09< 7.1.2
CVE-2024-4542
Medium 5.4
2024-05-02< 7.1.3
CVE-2024-3550
Medium 6.3
2024-04-26< 7.1.0
CVE-2024-3188
Medium 5.4
2024-04-15< 7.0.5
WordPress Shortcodes Ultimate Plugin < 7.0.5 is vulnerable to Cross Site Scripting (XSS)
N/A
2024-04-09< 7.0.5
CVE-2024-3512
Medium 5.4
2024-02-28< 7.0.4
CVE-2024-1808
Medium 5.4
2024-02-20< 7.0.3
CVE-2024-1510
Medium 5.4
2024-02-20< 7.0.2
CVE-2024-0792
Medium 5.4
2024-12-18< 7.0.1
WordPress Shortcodes Ultimate Plugin <= 7.0.0 is vulnerable to Cross Site Scripting (XSS)
Medium 5.4
2023-11-28< 7.0.0
CVE-2023-6225
Medium 4.3
2023-11-28< 7.0.0
CVE-2023-6226
N/A
2023-07-18< 5.13.1
WordPress Shortcodes Ultimate Plugin <= 5.13.0 is vulnerable to Cross Site Scripting (XSS)
Medium 6.5
2023-03-20< 5.12.8
CVE-2023-0890
Medium 6.5
2023-03-20< 5.12.8
CVE-2023-0911
High 7.1
2024-05-17< 5.12.7
CVE-2023-25050
High 7.1
2023-11-13< 5.12.7
CVE-2023-23800
Medium 6.5
2023-03-30< 5.12.7
CVE-2023-25040
N/A
2015-05-05< 4.9.4
WordPress Shortcodes Plugin — Shortcodes Ultimate <= 4.9.3 - Cross-Site Scripting
N/A
2022-10-13< 5.12.1
Shortcodes Ultimate <= 5.12.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Medium 6.1
2022-11-08< 5.12.1
CVE-2022-41136
Medium 5.4
2022-10-11< 5.12.1
CVE-2022-38086
Medium 5.0
2017-07-07< 4.10.0
CVE-2017-2245
Critical 9.8
2019-08-22< 5.0.1
CVE-2017-18580
Medium 5.4
2021-09-20< 5.10.2
CVE-2021-24525