Description
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate version 4.9.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.10.0 or latest
References
http://jvn.jp/en/jp/JVN63249051/index.html
https://plugins.svn.wordpress.org/shortcodes-ultimate/trunk/readme.txt
Related Vulnerabilities
Oracle Application Server Improper Authentication Vulnerability (CVE-2002-0563)
WordPress 4.6.x Directory Traversal (4.6 - 4.6.28)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2016-2161)
WordPress Plugin Insert or Embed Articulate Content into WordPress Directory Traversal (4.2999)