vulnerability
WordPress Plugin: shortcodes-ultimate: CVE-2023-25050: External Control of File Name or Path
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Feb 10, 2023 | May 15, 2025 | May 5, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published
Feb 10, 2023
Added
May 15, 2025
Modified
May 5, 2026
Description
The Shortcodes Ultimate plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 5.12.6. This is due to insufficient validation on the url being supplied via the "url" attribute of the su_table shortcode. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to supply paths to arbitrary files that will be returned when rendering the shortcode. This can be leveraged to read sensitive configuration files like wp-config.php. This is only exploitable when the Unsafe features option is enabled.
Solution
shortcodes-ultimate-plugin-cve-2023-25050
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.