One of the areas of WordPress plugins that has received additional attention when it comes to security recently has been shortcodes, as WordPress now allows anyone that is logged in to WordPress to access those. While that change has expanded the pool of people that might exploit an issue related to those, it was already the case that lower level
Source: Security Feed