CVE-2025-39528

UNKNOWN 0.0

WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes rescue-shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through <= 3.1.

CWE	CWE-79
Vendor	rescue themes
Product	rescue shortcodes
Published	Apr 16, 2025
Last Updated	Apr 1, 2026

Stay Ahead of the Next One

Get instant alerts for rescue themes rescue shortcodes

Be the first to know when new unknown vulnerabilities affecting rescue themes rescue shortcodes are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Rescue Themes / Rescue Shortcodes

0 ≤ 3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

patchstack.com: https://patchstack.com/database/Wordpress/Plugin/rescue-shortcodes/vulnerability/wordpress-rescue-shortcodes-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Credits

Muhammad Yudha - DJ | Patchstack Bug Bounty Program