2024-07-13 06:00:05
WPScan
PUBLISHED
The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.