WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites

The popular WordPress plugin Shortcodes Ultimate, used on over 700,000 WordPress websites, contains a CSRF vulnerability.

The United States government National Vulnerability Database (NVD) published an advisory about the Shortcodes Ultimate WordPress plugin, warning that it was discovered to contain a Cross-Site Request Forgery vulnerability.

Shortcodes Ultimate is a highly popular WordPress plugin that has over 700,000 active installations.

The vulnerability affects plugin versions that are older than the current version 5.12.2.

Cross-Site Request Forgery, commonly referred to as CSRF, is a type of vulnerability that in the worst cases can lead to complete website takeover.

Attacks of this kind generally target a flaw in software that allows a change to be triggered, which can then lead to unintended consequences.

A successful attack generally depends on a user, for example with administrative privileges

This kind of vulnerability depends on social engineering, which is manipulating an end user into completing an action that then takes advantage of the plugin vulnerability.
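To show why such an attack needs a logged-in administrator and how WordPress code is expected to stop it, here is an added example. It is not code from Shortcodes Ultimate or from the NVD advisory, whose technical details this article does not give. It is a hypothetical settings handler, with every `demo_` name invented for illustration, shown first without and then with WordPress's nonce check.

```php
<?php
// Hypothetical plugin code: all "demo_" names are invented for this example.

// Vulnerable form: verifies who is logged in, but not where the request came from.
// The browser attaches the administrator's session cookie to any request sent to
// the site, so a request the administrator was tricked into sending passes this check.
function demo_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $notice = sanitize_text_field( wp_unslash( $_POST['demo_notice'] ?? '' ) );
    update_option( 'demo_notice', $notice );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// Hardened form: same capability check, plus a nonce that only a form rendered
// by this site for this user's session can contain.
function demo_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Stops the request unless $_REQUEST['demo_nonce'] is a valid nonce
    // for the 'demo_save_settings' action.
    check_admin_referer( 'demo_save_settings', 'demo_nonce' );

    $notice = sanitize_text_field( wp_unslash( $_POST['demo_notice'] ?? '' ) );
    update_option( 'demo_notice', $notice );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
// Only the hardened handler is registered (requests to admin-post.php?action=...).
add_action( 'admin_post_demo_save_settings', 'demo_save_settings' );

// The legitimate form embeds the nonce the handler verifies.
function demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_settings">
        <?php wp_nonce_field( 'demo_save_settings', 'demo_nonce' ); ?>
        <input type="text" name="demo_notice">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

A capability check alone answers "is this user allowed?"; the nonce answers "did this user mean to send this request?", which is the question CSRF exploits.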