https://www.pluginvulnerabilities.com/2017/07/10/vulnerability-details-authenticated-arbitrary-file-viewing-vulnerability-in-shortcodes-ultimate/

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.

An advisory was released by the JPCERT/CC and IPA that an authenticated arbitrary file viewing

Powered by WPeMatico