2024-09-14 03:19:28
Wordfence
PUBLISHED
The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which runs all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
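The filter registration described above, next to a restricted alternative, as an added example that is not the plugin's own code or its actual patch. The `spoiler` tag name, the `example_comment_shortcodes` function and the `EXAMPLE_COMMENT_SHORTCODES` constant are assumptions made for illustration.

```php
<?php
// Added example: not the Simple Spoiler plugin's code or its patch.

// Vulnerable pattern from the advisory: every registered shortcode is
// expanded in comment text, which unauthenticated visitors can submit.
// add_filter( 'comment_text', 'do_shortcode' );

// Assumption: the only shortcode meant to work in comments is [spoiler].
const EXAMPLE_COMMENT_SHORTCODES = array( 'spoiler' );

/**
 * Expand only allowlisted shortcodes in a comment (hypothetical helper).
 */
function example_comment_shortcodes( $text ) {
    global $shortcode_tags;

    $all_tags = $shortcode_tags;
    // Temporarily keep only handlers whose tag is on the allowlist.
    $shortcode_tags = array_intersect_key(
        $all_tags,
        array_flip( EXAMPLE_COMMENT_SHORTCODES )
    );

    try {
        $text = do_shortcode( $text );
    } finally {
        // Always restore the full registry for the rest of the request.
        $shortcode_tags = $all_tags;
    }

    return $text;
}

// Run after plugins have registered their hooks, so the unrestricted
// filter (default priority 10) exists when it is removed.
add_action( 'wp_loaded', function () {
    remove_filter( 'comment_text', 'do_shortcode' );
    add_filter( 'comment_text', 'example_comment_shortcodes' );
} );
```

Shortcodes outside the allowlist are left in the comment as literal text instead of being executed.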