Cross-site Scripting Vulnerability in Vova Shortcodes Ultimate Plugin
CVE-2025-49244
6.5MEDIUM
What is CVE-2025-49244?
The Vova Shortcodes Ultimate plugin is subject to a Cross-site Scripting vulnerability due to improper input neutralization during web page generation. This flaw can enable attackers to inject malicious scripts into web pages that are then viewed by users, potentially compromising user sessions and spreading malicious payloads. Affected versions include Shortcodes Ultimate from n/a through 7.3.5, necessitating immediate attention for users to safeguard their websites against stored XSS attacks.
Affected Version(s)
Shortcodes Ultimate <= 7.3.5