The WordPress Shortcode Addons plugin version 3.2.5 and below is prone to an unauthenticated function injection vulnerability.