WordPress Plugin Vulnerabilities

Shortcodes Ultimate < 5.12.7 - Subscriber+ Arbitrary File Access

Description

The plugin does not validate the url attribute of its su_table shortcode before displaying its content, which could allow any authenticated users, such as subscriber to read arbitrary files from the server when the "Unsafe Features" settings is enabled

Affects Plugins

Plugin icon
shortcodes-ultimate
Fixed in 5.12.7

References

CVE
CVE-2023-25050

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
89c334ee-2edf-4e7b-b2d1-b7e97b3f53c4

Timeline

Publicly Published
2023-02-10 (about 3 years ago)
Added
2023-03-30 (about 3 years ago)
Last Updated
2023-03-30 (about 3 years ago)

Other

Published
Title
Published
2023-08-23
Title
Elements kit Elementor addons < 2.9.2 - Missing Authorization
Published
2024-02-02
Title
Happy Addons for Elementor < 3.10.2 - Missing Authorization via add_row_actions
Published
2025-03-27
Title
Quiz Cat < 3.0.9 - Missing Authorization
Published
2025-04-01
Title
Simple Icons <= 2.8.4 - Missing Authorization
Published
2024-02-27
Title
Redirects <= 1.2.1 - Missing Authorization via save