Description
The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References
- Product
- Patch
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version from 1.2 (inclusive) to 1.4 (exclusive)
cpe:2.3:a:webliberty:simple_spoiler:*:*:*:*:*:wordpress:*:*
EPSS: 0.01145 (Low), percentile: 78%
CVSS3: 7.3 High
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 7.3
github
more than 1 year ago
The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.