The Shortcodes Ultimate plugin, used on more than 700,000 WordPress websites for creating things like tabs, buttons, and accordions, has patched a vulnerability in version 5.12.1. The plugin’s changelog merely says, “This update fixes a security vulnerability in the shortcode generator.” To the author’s credit, the changelog clearly denotes it as a security update, though it doesn’t provide specific details.
The vulnerability was reported by researcher Dave Jong at Patchstack and is logged at the National Vulnerability Database (NVD) as a Cross-Site Request Forgery (CSRF) vulnerability leading to plugin preset settings change. It was patched two weeks ago and the NVD published the advisory this week.
At this time, the vulnerability is not known to have been exploited, but users are advised to update to the latest version. Based on WordPress.org stats, 46% of the plugin’s user base is running on versions older than 5.12.x. The Shortcodes Ultimate plugin author has since released version 5.12.2, which fixes an issue with the Shortcode Generator Presets that was introduced in the previous update.