3 matches found
WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
Shortcodes Ultimate plugin before 5.0.1 for WordPress contains a remote code execution caused by a filter in meta, post, or user shortcode, letting remote attackers execute arbitrary code, exploit requires sending crafted shortcode data. id: CVE-2017-18580 info: name: WordPress Shortcodes Ultimat...
CVE-2017-18580
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode...
CVE-2017-18580
The CVE-2017-18580 entry concerns WordPress Shortcodes Ultimate plugin before 5.0.1. The connected documents provide concrete details: remote code execution via a filter vulnerability in the meta/post/user shortcodes (su_meta, su_post, su_user). The exploitable condition requires crafted shortcod...