WP Shortcodes Plugin Shortcodes Ultimate
Moderate fix1 remedy
cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 7.4.2
WordPress WP Shortcodes Plugin Shortcodes Ultimate Cross-Site Request Forgery Vulnerability
Vulnerability
Patched
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Shortcodes Plugin - Shortcodes Ultimate for WordPress, affecting all versions through 7.4.2. The vulnerability arises from inadequate nonce validation in the preview function, allowing unauthenticated attackers to execute arbitrary shortcodes by sending a forged request, provided they can persuade a site administrator to click a link. This vulnerability, when combined with CVE-2025-7354, results in Reflected Cross-Site Scripting.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling the execution of arbitrary shortcodes, which could be manipulated to introduce malicious content or scripts. When combined with CVE-2025-7354, it leads to Reflected Cross-Site Scripting.
Remediation
Users are advised to update the WP Shortcodes Plugin - Shortcodes Ultimate to version 7.4.3 or a newer patched version.
Added: Jul 21, 2025, 8:17 AM
Updated: Jul 21, 2025, 8:17 AM
Vulnerability Rating
Custom Algorithm
spread
6.4impact
1.3exploitability
7.2remediation
7.7relevance
0.3threat
3.2urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.