cleantalk
Vulnerabilities and Security Researches

Shortcode Cleaner Lite, CVE-2025-1481

CVE, Research URL

CVE-2025-1481

Home page URL

Security reports for Shortcode Cleaner Lite

Application

Shortcode Cleaner Lite

Published on
Mar 08, 2025
Research Description
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export arbitrary options.
Affected versions
Min -, max 1.0.9.
Status
vulnerable
Previous vulnerability researches
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2024-13675) , Mar 09, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2024-38684) , Jul 14, 2024
New vulnerability
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2024-10321) , Mar 09, 2025
SMTP by BestWebSoft (CVE-2024-13908) , Mar 09, 2025