cleantalk
Vulnerabilities and Security Researches

Shortcoder — Create Shortcodes for Anything, b235597f1975f1576c362721dbbd07d6af815b10

CVE, Research URL

b235597f1975f1576c362721dbbd07d6af815b10

Home page URL

Security reports for Shortcoder — Create Shortcodes for Anything

Application

Shortcoder — Create Shortcodes for Anything

Published on
Dec 06, 2023
Research Description
Shortcoder — Create Shortcodes for Anything [shortcoder] < 6.3.1 WordPress Shortcoder Plugin <= 6.3.1 is vulnerable to Broken Access Control Incomplete patch. Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Shortcoder Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions
max 6.3.1.
Status
vulnerable
Previous vulnerability researches
Shortcoder — Create Shortcodes for Anything (CVE-2026-27074) , Feb 28, 2026
Shortcoder — Create Shortcodes for Anything (CVE-2023-49849) , Jun 10, 2024
Shortcoder — Create Shortcodes for Anything (b235597f1975f1576c362721dbbd07d6af815b10) , Jun 07, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026