Title: Added random code within shortcode Last modified: July 26, 2017 --- # Added random code within shortcode * [chinamama](https://wordpress.org/support/users/chinamama/) * (@chinamama) * [8 years, 10 months ago](https://wordpress.org/support/topic/added-random-code-within-shortcode/) * I recently noticed that the youtube advanced shortcode started adding leftover snippets from other shortcodes. How do I stop this and clean this up? * Example: [su_youtube_advanced url=”[https://youtu.be/AX5ZnsDoPOk”](https://youtu.be/AX5ZnsDoPOk”); width=”1280″ height=”720″ controls=”no” autohide=”yes” showinfo=”no” rel=”no” modestbranding=”yes” theme=”light” https=”yes” wmode=”transparent”][/su_column][ su_column size=”1/2″][/su_column] [/su_row][/su_youtube_advanced] * For now I just manually clean up this specific shortcode. * However, another shortcode is presenting bigger problem with what seems to be a similar issue but I cannot seem to clean it up and the page looks broken with snippets of code on the customer side (live site). * Any suggestions? Anyone else ran into this? Viewing 2 replies - 1 through 2 (of 2 total) * [awtx](https://wordpress.org/support/users/awtx/) * (@awtx) * [8 years, 10 months ago](https://wordpress.org/support/topic/added-random-code-within-shortcode/#post-9354451) * Run a full backup of your site, then try installing v4.10.2 * Meanwhile, check your uploads directory for files named uploads.php and uploads2. php. If they exist, you were hacked through an exploit in the shortcodes-ultimate plugin. * The plugin has been vulnerable to Authenticated Directory Traversal since v4.9.9 and it still exists in v4.10.1. They recently released v4.10.2 but I haven’t bothered inspecting it yet. If a developer doesn’t think our website safety is his concern, I don’t feel the need to continue using any of his plugins. * I had 85 sites attacked with malicious files uploaded due to the exploits in this plugin. Fortunately, I block browser access to .php files in my uploads directory. This saved me and clients from a potential disaster. * [blue13matt](https://wordpress.org/support/users/blue13matt/) * (@blue13matt) * [8 years, 10 months ago](https://wordpress.org/support/topic/added-random-code-within-shortcode/#post-9354628) * how do we block browser access to .phps? Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Added random code within shortcode’ is closed to new replies. * ![](https://ps.w.org/shortcodes-ultimate/assets/icon-256x256.gif?rev=2547563) * [Shortcodes Ultimate - Content Elements](https://wordpress.org/plugins/shortcodes-ultimate/) * [Frequently Asked Questions](https://wordpress.org/plugins/shortcodes-ultimate/#faq) * [Support Threads](https://wordpress.org/support/plugin/shortcodes-ultimate/) * [Active Topics](https://wordpress.org/support/plugin/shortcodes-ultimate/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/shortcodes-ultimate/unresolved/) * [Reviews](https://wordpress.org/support/plugin/shortcodes-ultimate/reviews/) * 2 replies * 3 participants * Last reply from: [blue13matt](https://wordpress.org/support/users/blue13matt/) * Last activity: [8 years, 10 months ago](https://wordpress.org/support/topic/added-random-code-within-shortcode/#post-9354628) * Status: not resolved