CVE-2025-5567 – WordPress Shortcodes Ultimate Stored Cross-Site Scripting Vulnerability

July 3, 2025

CVE ID : CVE-2025-5567

Published : July 4, 2025, 3:15 a.m. | 22 minutes ago

Description : The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-url’ DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6739 – WordPress WPQuiz SQL Injection Vulnerability

Next Article CVE-2025-5953 – WordPress WP Human Resource Management Privilege Escalation

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-5567 – WordPress Shortcodes Ultimate Stored Cross-Site Scripting Vulnerability

CVE-2025-5933 – WordPress RD Contacto CSRF Vulnerability

CVE-2025-5924 – “WordPress Firebase Push Notification CSRF”

CVE-2025-6164 – TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-29906 – Finit TTY Authentication Bypass Vulnerability

CVE-2025-4368 – Tenda AC8 Buffer Overflow Vulnerability

Kst is a real-time large dataset viewing and plotting tool

Apple Revises U.S. App Store Rules After Court Ruling in Epic Games Case

CVE-2025-4017 – Novel-Plus LogController Java Unauthenticated Remote Authorization Bypass

4 ways to level up your gaming on Linux, starting with the right distro

CVE-2025-1421 – Konsola Proget Remote Code Execution Vulnerability

CVE-2025-5567 – WordPress Shortcodes Ultimate Stored Cross-Site Scripting Vulnerability

Related Posts