WordPress Shortcode Addons plugin <= 3.1.2 - Authenticated WordPress Options Change vulnerability
PSID
f7edc756ab50
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires high role user authentication.
Publicly disclosed
2022-07-25
Patchstack vPatch available since
09.12.2021
Details
Authenticated WordPress Options Change vulnerability discovered by m0ze (Patchstack) in WordPress Shortcode Addons plugin (versions <= 3.1.2).
Solution
Update the WordPress Shortcode Addons plugin to the latest available version (at least 3.2.0).
References
Changeset