Description
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate version 4.9.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.10.0 or latest
References
http://jvn.jp/en/jp/JVN63249051/index.html
https://plugins.svn.wordpress.org/shortcodes-ultimate/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Scriptless Social Sharing Cross-Site Scripting (3.2.1)
WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)
WordPress 4.1.x Arbitrary File Deletion Vulnerability (4.1 - 4.1.23)
WordPress Plugin Allopass for WP Cross-Site Scripting (1.0.7)