Shortcodes Ultimate < 5.12.7 - Subscriber+ Arbitrary File Access

The plugin does not validate the url attribute of its su_table shortcode before displaying its content, which could allow any authenticated users, such as subscriber to read arbitrary files from the server when the “Unsafe Features” settings is enabled