CVE-2023-0340

Name of the Vulnerable Software and Affected Versions Custom Content Shortcode WordPress plugin versions 4.0.2 and earlier

Description The Custom Content Shortcode WordPress plugin does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. Remote Code Execution (RCE) could also be achieved if the attacker manages to upload a malicious image containing PHP code, and then include it via the affected attribute. On a default WordPress install, authors could easily achieve this given that they have the upload file capability.

Recommendations For versions 4.0.2 and earlier, update to a version later than 4.0.2 to resolve the issue. As a temporary workaround, consider restricting the upload file capability for authors and contributors to minimize the risk of exploitation. Additionally, restrict access to the vulnerable shortcode attribute to prevent arbitrary file inclusion.