A critical Cross-Site Scripting (XSS) vulnerability has been identified in the Add Shortcodes Actions And Filters plugin. This plugin has been closed as of September 12, 2023, and is not available for download. If you have this plugin installed, it is important to disable it immediately.

This vulnerability was discovered and reported by Le Ngoc Anh.

An attacker could exploit this vulnerability to inject malicious scripts into the website, which could be used to steal user credentials, redirect users to malicious websites, or display unwanted ads.


The severity of this vulnerability is high, characterized by a CVSS 3.1 score of 7.1.

Affected Versions

There is no available patched version at present to address this vulnerability.


If a malicious actor is able to exploit this vulnerability, they could inject malicious scripts into the website. These scripts could then be executed by visitors to the site, which could lead to a variety of problems, such as:

  • Redirecting visitors to malicious websites
  • Injecting advertisements into your website
  • Stealing cookies or other sensitive information from visitors


Disable the Add Shortcodes Actions And Filters plugin immediately. If any user still using this plugin, it is important to upgrade to a more secure alternative.