PT-2026-1631 · WordPress · Mstoic Shortcodes

Zakaria · Published 2026-01-07 · Updated 2026-01-07 · CVE-2025-14144

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mstoic Shortcodes plugin for WordPress versions prior to 2.1

Description

The Mstoic Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the start parameter of the ms youtube embeds shortcode due to inadequate input sanitization and output escaping. Authenticated attackers with Contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute when a user accesses the compromised page. The vulnerable component is the ms youtube embeds shortcode.

Recommendations

Update the Mstoic Shortcodes plugin to version 2.1 or later.
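
Updating does not clean content that was stored earlier, so the following added example (not code from the plugin or from this advisory) audits exported post content for uses of the shortcode whose start value is not a plain integer. The tag spelling ms_youtube_embeds, the expectation that start is a whole number of seconds, the placeholder_attr attribute and the sample posts are assumptions constructed for illustration.

```python
import re

# Assumption: the registered shortcode tag. The advisory prints it as
# "ms youtube embeds"; confirm the exact spelling against your install.
DEFAULT_TAG = "ms_youtube_embeds"

# One attribute in shortcode syntax: name="double", name='single' or name=bare.
# The bare form also catches values whose quote was cut off by the closing "]".
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")


def parse_attrs(raw):
    """Return {lowercased name: value} for one shortcode's attribute string."""
    attrs = {}
    for m in ATTR_RE.finditer(raw):
        value = next(g for g in m.groups()[1:] if g is not None)
        attrs[m.group(1).lower()] = value
    return attrs


def audit_posts(posts, tag=DEFAULT_TAG):
    """Return (post_id, start_value) for each use whose start is not all digits."""
    tag_re = re.compile(r"\[" + re.escape(tag) + r"\b([^\]]*)\]", re.IGNORECASE)
    findings = []
    for post_id, content in posts:
        for m in tag_re.finditer(content):
            start = parse_attrs(m.group(1)).get("start")
            # Assumption: a legitimate start is a whole number of seconds.
            if start is not None and not re.fullmatch(r"[0-9]+", start.strip()):
                findings.append((post_id, start))
    return findings


# Constructed sample rows (post ID, post_content); placeholder_attr is not a
# real plugin attribute and the values are harmless markers.
SAMPLE_POSTS = [
    (101, 'Intro [ms_youtube_embeds placeholder_attr="x" start="90"] outro'),
    (102, "[ms_youtube_embeds start='1m30s']"),
    (103, '[ms_youtube_embeds start=45] [ms_youtube_embeds start="not a number"]'),
    (104, "No shortcode here, start=oops"),
]

if __name__ == "__main__":
    for post_id, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: review start={value!r}")
```

Feed it (ID, post_content) pairs exported from the posts table, including drafts and revisions, and review each flagged post by hand before editing or deleting it.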

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-14144

Affected Products: Mstoic Shortcodes