A critical Cross-Site Scripting (XSS) vulnerability has been identified in the Add Shortcodes Actions And Filters plugin. This plugin has been closed as of September 12, 2023, and is not available for download. If you have this plugin installed, it is important to disable it immediately.
This vulnerability was discovered and reported by Le Ngoc Anh.
An attacker could exploit this vulnerability to inject malicious scripts into the website, which could be used to steal user credentials, redirect users to malicious websites, or display unwanted ads.
Severity
The severity of this vulnerability is high, with a CVSS 3.1 score of 7.1.
Affected Versions
No patched version is currently available to address this vulnerability.
Impact
If a malicious actor is able to exploit this vulnerability, they could inject malicious scripts into the website. These scripts could then be executed by visitors to the site, which could lead to a variety of problems, such as:
- Redirecting visitors to malicious websites
- Injecting advertisements into your website
- Stealing cookies or other sensitive information from visitors
Recommendation
Disable the Add Shortcodes Actions And Filters plugin immediately. If any user is still using this plugin, it is important to upgrade to a more secure alternative.