A Broken Access Control vulnerability has been discovered in the WordPress My Shortcodes plugin. This vulnerability could allow an unprivileged user to execute certain higher privileged actions.
This vulnerability was discovered and reported by Abdi Pranata.
The vulnerability is caused by a missing authorization, authentication, or nonce token check in a function. This allows an attacker to exploit the vulnerability to execute certain higher privileged actions.
CVSS 3.1 Score: 7.1 (High Severity)
All versions of the WordPress My Shortcodes plugin are affected by this vulnerability.
An attacker who successfully exploits this vulnerability could gain access to sensitive data, modify website content, or take control of the website.
Given the gravity of this vulnerability, it’s imperative to act promptly:
- Temporary Deactivation: To mitigate the potential risks, consider temporarily deactivating the My Shortcodes Plugin. This precaution should be maintained until a patched version becomes accessible.
- Plugin Updates: Be attentive to any updates concerning the My Shortcodes Plugin. When a revised version addressing this vulnerability becomes available, promptly update the plugin to the most recent iteration.
- Security Audit: Subsequent to applying updates, perform a comprehensive security audit of the WordPress site to ensure the vulnerability has been successfully remedied.
- Ongoing Monitoring: Continually monitor the website for any unusual activities and conduct regular security scans to identify potential threats.
- Stay Informed: Remain well-informed about the latest developments related to the My Shortcodes Plugin, including any announcements about the vulnerability fix and the release of an updated version.