Description
WordPress Plugin Shortcode Addons-with Visual Composer, Divi, Beaver Builder and Elementor Extension is prone to a function injection vulnerability. An attacker may leverage this issue to call any static method, with up to three optional parameters. WordPress Plugin Shortcode Addons-with Visual Composer, Divi, Beaver Builder and Elementor Extension version 3.2.5 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available
References
Related Vulnerabilities
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4203)
Apache HTTP Server Numeric Errors Vulnerability (CVE-2010-0010)
WordPress Plugin Zephyr Project Manager Multiple Vulnerabilities (3.2.42)
phpMyAdmin Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2020-22278)
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)