The Shortcodes Ultimate plugin for WordPress, called WP Shortcodes Plugin, has a security vulnerability. This means that hackers can insert harmful code into pages using the plugin’s shortcodes. This can be done by users who have contributor-level access or higher. The vulnerability exists in all versions of the plugin up to version 7.4.2 because the plugin does not properly clean up user input and prevent the execution of malicious code.