CVE-2022-33970
📋 TL;DR
This vulnerability allows any authenticated WordPress user (a subscriber-level account suffices) to modify WordPress options stored in the wp_options table, which can lead to privilege escalation or full site takeover. It affects WordPress sites running the Biplob018 Shortcode Addons plugin version 3.1.2 or earlier.
💻 Affected Systems
- Biplob018 Shortcode Addons WordPress plugin (slug: shortcode-addons), version 3.1.2 and earlier
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker with any authenticated account could rewrite critical WordPress settings. Because the flaw is an arbitrary write to wp_options, the well-known takeover path for this vulnerability class is to enable open registration (users_can_register) with default_role set to administrator, register a new account, and then act as a full administrator: install malicious plugins or themes, change the admin e-mail, or take over the entire site.
Likely Case
Authenticated users (including subscribers, who normally hold no site-management capabilities) could change site settings, inject malicious content through option values that are rendered on pages, or break site functionality by altering options such as siteurl and home.
If Mitigated
With proper access controls and monitoring, impact is limited to unauthorized setting changes that can be detected and reverted.
🎯 Exploit Status
Exploitation requires authenticated access to WordPress. Public proof-of-concept code exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.3 or later
Vendor Advisory: https://wordpress.org/plugins/shortcode-addons/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Shortcode Addons' and click 'Update Now'.
4. Alternatively, download the latest version from the WordPress plugin repository and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Shortcode Addons plugin until it is patched:
wp plugin deactivate shortcode-addons
Restrict who can authenticate
Limit the pool of accounts that can reach the vulnerable code path. Subscribers do not hold the manage_options capability in a default install, yet the page's own risk assessment says they can trigger the change, so the plugin necessarily bypasses WordPress's capability check; removing manage_options with a role editor therefore does not help. Instead, disable open registration (users_can_register), remove or disable unneeded low-privilege accounts, and review recent registrations.
🧯 If You Can't Patch
- Implement strict access controls and monitor for unauthorized option changes (WordPress does not log option writes by default; an audit-log plugin or a hook on updated_option is needed)
- Use web application firewall rules to block requests to wp-admin/admin-ajax.php or wp-admin/admin-post.php whose parameters carry wp_options key names (for example users_can_register, default_role, siteurl) from sessions that are not administrators
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Shortcode Addons version 3.1.2 or earlier
Check Version:
wp plugin get shortcode-addons --field=version
Verify Fix Applied:
Verify plugin version is 3.1.3 or later in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Option writes by non-administrator users (WordPress keeps no such log by default; produce it with an audit-log plugin or a hook on the updated_option action)
- Unexpected wp_options table modifications
Network Indicators:
- POST requests to wp-admin/admin-ajax.php with option modification parameters
SIEM Query:
source="wordpress" AND (action="update_option" OR uri_path="/wp-admin/admin-ajax.php") AND user_role!="administrator"
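The workaround in Temporary Workarounds, the "If You Can't Patch" advice and the log indicators above all assume a hook point that WordPress core does not ship with: core neither logs option writes nor ties them to the caller's role. The following mu-plugin, an added example written for this page rather than code from the Shortcode Addons plugin or its vendor, supplies both pieces: it logs every wp_options write made by a user who lacks manage_options, and, as a virtual patch for the window in which the plugin cannot be updated, refuses writes to a short list of takeover-relevant keys from such users. The option list in ocg_sensitive_options(), the ocg_ function names and the log-line format are the example's own choices, and the code relies on no detail of the vulnerable plugin's request; it only intercepts the generic update_option() path.

```php
<?php
/**
 * Plugin Name: Options Change Guard (added example, not part of Shortcode Addons)
 * Description: Logs wp_options writes made by users without manage_options and
 *              blocks writes to takeover-relevant keys from such users.
 * Install:     save as wp-content/mu-plugins/options-change-guard.php
 */

/**
 * Keys an attacker with an arbitrary option write would reach for first.
 * This list is an assumption of the example; extend it for your site.
 */
function ocg_sensitive_options() {
    return array(
        'users_can_register', // open registration ...
        'default_role',       // ... plus default_role=administrator yields an admin account
        'admin_email',
        'siteurl',
        'home',
        'active_plugins',
        'template',
        'stylesheet',
    );
}

/**
 * True when the current request runs as a logged-in user who may not administer
 * the site. Cron, WP-CLI and unauthenticated requests have no user; they are left
 * alone so transients, cron locks and other core writes keep working.
 */
function ocg_is_low_privileged_user() {
    if ( ( defined( 'DOING_CRON' ) && DOING_CRON ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return false;
    }
    $user = wp_get_current_user();
    if ( ! $user || 0 === (int) $user->ID ) {
        return false;
    }
    return ! user_can( $user, 'manage_options' );
}

/** One-line description of the caller for the log. */
function ocg_describe_request() {
    $user = wp_get_current_user();
    return sprintf(
        'user=%s(%d) roles=%s ip=%s uri=%s',
        $user->user_login,
        (int) $user->ID,
        implode( ',', (array) $user->roles ),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-',
        isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '-'
    );
}

// 1. Virtual patch: refuse sensitive option writes from low-privileged users.
//    update_option() applies this filter and then short-circuits when the filtered
//    value equals the stored one, so returning $old_value turns the write into a no-op.
add_filter( 'pre_update_option', function ( $value, $option, $old_value ) {
    if ( in_array( $option, ocg_sensitive_options(), true ) && ocg_is_low_privileged_user() ) {
        error_log( sprintf(
            'ocg BLOCKED option=%s attempted=%s %s',
            $option,
            wp_json_encode( $value ),
            ocg_describe_request()
        ) );
        return $old_value;
    }
    return $value;
}, 10, 3 );

// 2. Detection: record every option write that did get through from a low-privileged
//    user, with old and new values, so the SIEM has something to match on.
add_action( 'updated_option', function ( $option, $old_value, $value ) {
    if ( ocg_is_low_privileged_user() ) {
        error_log( sprintf(
            'ocg option_changed option=%s old=%s new=%s %s',
            $option,
            wp_json_encode( $old_value ),
            wp_json_encode( $value ),
            ocg_describe_request()
        ) );
    }
}, 10, 3 );
```

Must-use plugins load before ordinary plugins and cannot be deactivated from the admin UI, so the vulnerable plugin cannot run ahead of the guard. Lines prefixed `ocg BLOCKED` or `ocg option_changed` go to the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is set), which is the source the SIEM query above needs. The filter only covers writes that go through update_option(); a plugin that writes to the options table through $wpdb directly would bypass it, which is one more reason the guard is a stopgap and not a substitute for updating to 3.1.3.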
🔗 References
- https://patchstack.com/database/vulnerability/shortcode-addons/wordpress-shortcode-addons-plugin-3-1-2-authenticated-wordpress-options-change-vulnerability
- https://wordpress.org/plugins/shortcode-addons/#developers