The WP Shortcodes Plugin, also known as Shortcodes Ultimate, is a plugin used for WordPress websites. It had a vulnerability in all versions up to 5.13.3 which allowed attackers with certain permissions to inject malicious web scripts into pages on the website. These malicious scripts would execute whenever a user accessed the page, allowing the attacker to access the website and potentially cause damage. This vulnerability was caused by the plugin not properly sanitizing and escaping user supplied meta values in its su_meta shortcode.