vulnerability
WordPress Plugin: shortcodes-ultimate: CVE-2023-25050: External Control of File Name or Path
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:H/Au:S/C:C/I:P/A:N) | Feb 10, 2023 | May 15, 2025 | May 15, 2025 |
Severity
6
CVSS
(AV:N/AC:H/Au:S/C:C/I:P/A:N)
Published
Feb 10, 2023
Added
May 15, 2025
Modified
May 15, 2025
Description
The Shortcodes Ultimate plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 5.12.6. This is due to insufficient validation on the url being supplied via the "url" attribute of the su_table shortcode. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to supply paths to arbitrary files that will be returned when rendering the shortcode. This can be leveraged to read sensitive configuration files like wp-config.php. This is only exploitable when the Unsafe features option is enabled.
Solution
shortcodes-ultimate-plugin-cve-2023-25050
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.