A recent authenticated contributor code execution vulnerability was disclosed. This vulnerability would allow a remote attacker with access to the WordPress control panel to execute arbitrary commands on the server by exploiting the Shortcodes Ultimate vulnerability. This could allow an authenticated attacker to upload malicious PHP files to the server that would allow them to escalate privileges.

This vulnerability does not impact ZIZSOFT hosting customers because the exploit would require the vulnerable host to allow the system() function to be enabled in the servers PHP configuration. We are announcing because of the need to upgrade to the latest version available from the plugin repository at WordPress.org. Any version equal to, or above 5.0.0 is the stable version we recommend.