GCVE - cpe:2.3:a:mythemeshop:wp_shortcode:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mythemeshop:wp_shortcode:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Mythemeshop (`20481465-4c2b-5adc-96f3-a4e9dfa534b7`)
Product	Wp Shortcode (`344ddca7-3409-5ec7-a389-66f7bd4da7e1`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/wp-shortcode`	purl2cpe	2026-06-01 10:14:59.224045
`pkg:github/wpplugins/wp-shortcode`	purl2cpe	2026-06-01 10:14:59.224046

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1808`	vulnerable	2026-06-08 06:27:14.566251	WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode MEDIUM (6.4) The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-02-28T12:50:50.204Z Updated: 2026-04-08T17:10:15.156Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/96769a0e-d4a9-4196-8ded-b600046c0943?source=cve https://plugins.trac.wordpress.org/changeset/3041647/shortcodes-ultimate	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28495`	vulnerable	2026-06-08 06:01:10.985881	WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions. Published: 2023-11-12T22:07:02.921Z Updated: 2026-04-28T16:08:16.148Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wp-shortcode/wordpress-wp-shortcode-by-mythemeshop-plugin-1-4-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.