Cross-site Scripting Vulnerability in Tyche Softwares Arconix Shortcodes
CVE-2025-13835

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Arconix Shortcodes
Vendor: CVE Published:; 1 December 2025

What is CVE-2025-13835?

The Arconix Shortcodes plugin by Tyche Softwares contains a vulnerability that enables attackers to inject malicious scripts into web pages. This flaw arises from inadequate input handling during page generation, leading to Stored XSS. As a result, attackers can execute arbitrary scripts in the context of the affected site, potentially compromising user data and site integrity. Users of versions up to 2.1.19 are particularly at risk, making it critical for site administrators to patch or upgrade to secure versions to safeguard against such attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Arconix Shortcodes <= 2.1.19

References

https://patchstack.com/database/wordpress/plugin/arconix-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Dec 1, 2025

Credit

Rooting (Patchstack Bug Bounty Program)

JSON

WordPress