Description
Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.
Published: 2026-06-26
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a broken access control flaw in the Forget About Shortcode Buttons plugin for WordPress. It allows an attacker with insufficient privileges to perform privileged operations or to modify plugin settings, which could lead to unauthorized content changes or further exploitation. The weakness is categorized as CWE-862 (Missing Authorization).

Affected Systems

This issue affects the Code Amp Forget About Shortcode Buttons plugin for WordPress, versions 2.1.3 and earlier. Any WordPress site running the plugin that has not been updated beyond version 2.1.3 is affected.

Risk and Exploitability

The CVSS score of 5.4 corresponds to Medium severity. Because the EPSS score is not reported and the vulnerability is not listed in the CISA KEV catalog, the likelihood of mass exploitation at this time is uncertain. Given the nature of broken access control, the attack vector is likely authenticated access to the plugin's administrative interface or requests that exploit the plugin's URL parameters.

Generated by OpenCVE AI on June 26, 2026 at 16:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Forget About Shortcode Buttons to the latest available version
  • Review and restrict user roles to limit access to the plugin's settings
  • If the plugin is not essential, remove or disable it from the WordPress installation



Advisories

No advisories yet.

History

Fri, 26 Jun 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.
Title | | WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T17:10:40.998Z

Reserved: 2025-10-24T14:26:26.918Z

Link: CVE-2025-63041

Vulnrichment

Updated: 2026-06-26T17:10:38.040Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T16:30:03Z

Weaknesses