EPSS
Percentile
60.8%
The plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site’s database.
www.wordfence.com/vulnerability-advisories/#CVE-2021-38324