This vulnerability (CVE-2025-48087) in Memberlite Shortcodes involves CWE-79, where input is not properly sanitized before being included in web pages, leading to stored cross-site scripting. This can allow an attacker with limited privileges and requiring user interaction to inject malicious scripts that execute in the context of other users. The vulnerability affects all versions up to 1.4.1. No patch or remediation details have been provided by the vendor or in public advisories.

Successful exploitation could allow an attacker to execute arbitrary scripts in the browsers of users who view the affected content, potentially leading to information disclosure, session hijacking, or other impacts typical of stored XSS vulnerabilities. The CVSS vector indicates low attack complexity, requiring privileges and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low-medium.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or restricting use of the Memberlite Shortcodes plugin, applying web application firewall (WAF) rules to detect and block XSS payloads, and limiting user privileges to reduce risk.