Missing Authorization in UIUX Lab's Uix Shortcodes Plugin
CVE-2025-22677

4.8MEDIUM

Key Information:

Vendor: WordPress
Status: Uix Shortcodes
Vendor: CVE Published:; 3 February 2025

What is CVE-2025-22677?

The Uix Shortcodes plugin developed by UIUX Lab contains a vulnerability that allows attackers to exploit incorrectly configured access control security levels. This flaw enables unauthorized users to gain access to restricted functionalities within the plugin. Affected versions run the risk of arbitrary shortcode execution, which could lead to further exploits within the WordPress environment.

Affected Version(s)

Uix Shortcodes <= 2.0.3

References

https://patchstack.com/database/wordpress/plugin/uix-shor...

vdb-entry

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

theviper17 (Patchstack Alliance)