[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCzKeaT98H4YLU_6wDcRVUZ-eBnFgT0T83dELZLwOQ1Q":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-25050","shortcodes-ultimate-authenticated-subscriber-arbitrary-file-read-via-shortcode","Shortcodes Ultimate \u003C= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode","The Shortcodes Ultimate plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 5.12.6. This is due to insufficient validation on the url being supplied via the \"url\" attribute of the su_table shortcode. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to supply paths to arbitrary files that will be returned when rendering the shortcode. This can be leveraged to read sensitive configuration files like wp-config.php. This is only exploitable when the Unsafe features option is enabled.","shortcodes-ultimate",null,"\u003C=5.12.6","5.12.7","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","External Control of File Name or Path","2023-02-10 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5dad7348-39ba-4163-a5eb-939601645edb?source=api-prod",347]