Cross-Site Scripting Vulnerability in Meks Flexible Shortcodes Plugin by Meks
CVE-2025-49855
6.5MEDIUM
What is CVE-2025-49855?
The Meks Flexible Shortcodes plugin is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user inputs when generating web pages. This flaw allows attackers to inject malicious scripts into web pages, potentially compromising user data and website integrity. It affects all versions of the plugin prior to 1.3.7 and poses significant risks to WordPress sites that utilize this plugin.
Affected Version(s)
Meks Flexible Shortcodes <= 1.3.7