Security Advisory

CVE-2024-8479

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-14 03:19:28

Last updated 2024-09-16 19:11:05

Assigner Wordfence

State PUBLISHED

Description

The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter(comment_text, do_shortcode); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

← Browse all CVEs View on cve.org ↗