Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.