CVE-2022-41136

Name of the Vulnerable Software and Affected Versions Shortcodes Ultimate plugin versions prior to 5.12.0

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored Cross-Site Scripting (XSS). This means an attacker can trick a user into performing unintended actions on a web application, which can result in the storage of malicious scripts that are executed when other users access the affected page.

Recommendations For versions prior to 5.12.0, update to version 5.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.