CVE-2025-5567 – WordPress Shortcodes Ultimate Stored Cross-Site Scripting Vulnerability

July 3, 2025

CVE ID : CVE-2025-5567

Published : July 4, 2025, 3:15 a.m. | 22 minutes ago

Description : The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-url’ DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6739 – WordPress WPQuiz SQL Injection Vulnerability

Next Article CVE-2025-5953 – WordPress WP Human Resource Management Privilege Escalation

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-5567 – WordPress Shortcodes Ultimate Stored Cross-Site Scripting Vulnerability

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

Telecom Giant Orange Responding to Cyberattack on ‘Information Systems’

CVE-2025-47812 – Wing FTP Server Lua Code Injection Vulnerability

I adore the world of South of Midnight, and I hope others explore this dark folktale from Xbox

SVG to CSS Shape Converter

I decided to change which sites appear first in Google Search — and it works on Chrome, Edge, or Firefox

CVE-2025-4840 – Inprosysmedia Likes Dislikes Post SQL Injection Vulnerability

ReVisual-R1: An Open-Source 7B Multimodal Large Language Model (MLLMs) that Achieves Long, Accurate and Thoughtful Reasoning

CVE-2025-54428 – RevelaCode MongoDB Atlas URI Exposure

CVE-2025-5567 – WordPress Shortcodes Ultimate Stored Cross-Site Scripting Vulnerability

Related Posts