CVE-2026-2582

Description

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via account_holder parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.