CVE Catalog

CVE-2025-63041

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The Forget About Shortcode Buttons plugin in versions 2.1.3 and below contains a vulnerability due to improper access control for contributors. A user with the contributor role can gain unauthorized access to functions that should be reserved for higher roles.

Risk Assessment

The risk is that a contributor can modify or delete plugin settings, potentially leading to unauthorized changes to site content or functionality.

Recommendation

It is recommended to immediately update the Forget About Shortcode Buttons plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS