WordPress Shortcoder Plugin <= 6.3 is vulnerable to Broken Access Control

Hi All,

This is fixed in Shortcoder v6.3.1.

Thanks

Thanks you for the quick support on this.

Thank you!

Hi,

Patchstack reports v6.3.1 also as vulnerable. Any update on this?

Thanks!

Hi,

Issue is already fixed. I don’t know why it is still open. I have already updated them with the fix and I don’t see it verified on their side.

I can assure that the issue is fixed and there is nothing to worry. We can consider this cases as resolved.

Thanks,

Aakash

Thanks, its showing resolved on my side.

Unfortunately, however, even according to WpScan it is still vulnerable, even in version 6.3.1: https://wpscan.com/vulnerability/e19a470c-7e8c-4193-8b91-0503f9d3d6d9/ ??

I was going to ask something, but it seems it has already been addressed.

• This reply was modified 11 months, 2 weeks ago by pavefe.

Hi all,

The reported issue is already fixed in v6.3.1. It was a minor issue which causes no leak/loss.

I’m following up with patchstack team to get this resolved ASAP.

Thanks,

Aakash