CVE Catalog
CVE-2025-63041
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
The Forget About Shortcode Buttons plugin in versions 2.1.3 and below contains a vulnerability due to improper access control for contributors. A user with the contributor role can gain unauthorized access to functions that should be reserved for higher roles.
Risk Assessment
The risk is that a contributor can modify or delete plugin settings, potentially leading to unauthorized changes to site content or functionality.
Recommendation
It is recommended to immediately update the Forget About Shortcode Buttons plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.

