The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References
Configurations
No configuration.
History
14 Sep 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-14 04:15
Updated : 2024-09-14 11:47
NVD link : CVE-2024-8479
Mitre link : CVE-2024-8479
CVE.ORG link : CVE-2024-8479
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')