Support » Plugin: Shortcodes Ultimate » Added random code within shortcode

  • I recently noticed that the youtube advanced shortcode started adding leftover snippets from other shortcodes. How do I stop this and clean this up?

    Example:
    [su_youtube_advanced url=”https://youtu.be/AX5ZnsDoPOk” width=”1280″ height=”720″ controls=”no” autohide=”yes” showinfo=”no” rel=”no” modestbranding=”yes” theme=”light” https=”yes” wmode=”transparent”][/su_column] [su_column size=”1/2″][/su_column] [/su_row][/su_youtube_advanced]

    For now I just manually clean up this specific shortcode.

    However, another shortcode is presenting bigger problem with what seems to be a similar issue but I cannot seem to clean it up and the page looks broken with snippets of code on the customer side (live site).

    Any suggestions? Anyone else ran into this?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Run a full backup of your site, then try installing v4.10.2

    Meanwhile, check your uploads directory for files named uploads.php and uploads2.php. If they exist, you were hacked through an exploit in the shortcodes-ultimate plugin.

    The plugin has been vulnerable to Authenticated Directory Traversal since v4.9.9 and it still exists in v4.10.1. They recently released v4.10.2 but I haven’t bothered inspecting it yet. If a developer doesn’t think our website safety is his concern, I don’t feel the need to continue using any of his plugins.

    I had 85 sites attacked with malicious files uploaded due to the exploits in this plugin. Fortunately, I block browser access to .php files in my uploads directory. This saved me and clients from a potential disaster.

    how do we block browser access to .phps?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Added random code within shortcode’ is closed to new replies.