The WP Shortcodes Plugin, also known as Shortcodes Ultimate plugin for WordPress, has a security issue. This vulnerability, known as Stored Cross-Site Scripting, affects all versions up to and including 7.1.6. This is because the plugin does not properly clean or escape user-provided attributes, which allows attackers with contributor-level access or higher to insert harmful web scripts into pages. When a user visits one of these pages, the script will automatically run.