{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1481", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-19T20:48:39.818Z", "datePublished": "2025-03-08T02:24:01.278Z", "dateUpdated": "2026-04-08T16:36:56.659Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:56.659Z"}, "affected": [{"vendor": "mandooox", "product": "Shortcode Cleaner Lite", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export arbitrary options."}], "title": "Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15613da5-f900-4a33-8eec-6c9e52ed30fc?source=cve"}, {"url": "https://wordpress.org/plugins/shortcode-cleaner-lite/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/shortcode-cleaner-lite/trunk/vendor/codestar/codestar/core/Module/Export.php#L53"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "timeline": [{"time": "2025-03-07T14:16:32.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T16:05:44.136587Z", "id": "CVE-2025-1481", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T16:05:52.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1481", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T16:05:44.136587Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T16:05:47.400Z"}}], "cna": {"title": "Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export", "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "mandooox", "product": "Shortcode Cleaner Lite", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-07T14:16:32.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15613da5-f900-4a33-8eec-6c9e52ed30fc?source=cve"}, {"url": "https://wordpress.org/plugins/shortcode-cleaner-lite/#developers"}, {"url": "https://plugins.trac.wordpress.org/browser/shortcode-cleaner-lite/trunk/vendor/codestar/codestar/core/Module/Export.php#L53"}], "descriptions": [{"lang": "en", "value": "The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export arbitrary options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-08T02:24:01.278Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1481", "state": "PUBLISHED", "dateUpdated": "2025-03-10T16:05:52.276Z", "dateReserved": "2025-02-19T20:48:39.818Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-08T02:24:01.278Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jozoor:shortcode_cleaner_lite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "956DA14F-2D14-4844-85A9-EF395CEAD014", "versionEndIncluding": "1.0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export arbitrary options."}, {"lang": "es", "value": "El complemento Shortcode Cleaner Lite para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n download_backup() en todas las versiones hasta la 1.0.9 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, exporten opciones arbitrarias."}], "id": "CVE-2025-1481", "lastModified": "2025-03-12T16:40:25.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-08T03:15:37.237", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/shortcode-cleaner-lite/trunk/vendor/codestar/codestar/core/Module/Export.php#L53"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/shortcode-cleaner-lite/#developers"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15613da5-f900-4a33-8eec-6c9e52ed30fc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:51:01.899758+00:00", "value": {"mitigation_remediation": ["Update the Shortcode Cleaner Lite plugin to version 1.0.10 or later, or uninstall it if it is no longer needed.", "Restrict normal subscriber accounts from accessing the plugin's export functionality by adjusting role permissions or removing them from the site.", "Conduct an audit of all WordPress installations using the plugin to confirm no unauthorized backups have been exported and rotate any compromised credentials."], "summary": {"action": "Immediate Patch", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "The issue affects the Shortcode Cleaner Lite WordPress plugin by the vendor mandooox. All releases up to and including version 1.0.9 are vulnerable. WordPress sites that have installed any of these releases are exposed.", "description_and_impact": "The Shortcode Cleaner Lite plugin contains a missing capability check in its download_backup() function. As a result, any authenticated user with Subscriber-level access and above can call this function and export arbitrary options from the WordPress database. This allows an attacker to pull sensitive configuration data, potentially compromising site integrity and privacy. The flaw is a classic missing authorization issue, classified as CWE\u2011862.", "risk_and_exploitability": "With a CVSS score of 6.5 the vulnerability is of moderate severity. The EPSS score is below 1%, indicating that exploitation is unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. Because the exploit requires only a normal authenticated subscriber account, an attacker does not need elevated privileges or remote code execution, but can still unfetteredly download site options."}}}}, "created": "2026-04-22T18:00:05.478516+00:00", "updated": "2026-04-22T18:00:05.478527+00:00", "vendors": []}