Medium 6.4 Unfixed Closed 2025-12-12≤ 1.0.a VigLink SpotLight By ShortCode <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute CVEWordfence