EUVD-2024-33553

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

WordPress Authors List plugin allows arbitrary shortcode execution via unvalidated AJAX action.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-10952	4 Dec 202402:52	–	circl
CNNVD	WordPress plugin The Authors List 安全漏洞	4 Dec 202400:00	–	cnnvd
CVE	CVE-2024-10952	4 Dec 202402:40	–	cve
Cvelist	CVE-2024-10952 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax	4 Dec 202402:40	–	cvelist
NVD	CVE-2024-10952	4 Dec 202403:15	–	nvd
Patchstack	WordPress Authors List plugin <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax vulnerability	3 Dec 202414:41	–	patchstack
Positive Technologies	PT-2024-16660 · WordPress · Authors List	4 Dec 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-10952	5 Feb 202505:05	–	redhatcve
Vulnrichment	CVE-2024-10952 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax	4 Dec 202402:40	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 2, 2024 to December 8, 2024)	12 Dec 202415:38	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "d1c28be4-13a1-3335-bd0d-9b9e162cd50f",
        "vendor": {
          "name": "WPKube"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "62cf90ca-3f48-3ab4-ad9c-dd11d402640c",
        "product": {
          "name": "Authors List"
        },
        "product_version": "* ≤2.0.4"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/8b3cfe0a-dcfb-40f3-ba43-4e838c113010
plugins	www.plugins.trac.wordpress.org/browser/authors-list/tags/2.0.4/backend/includes/class-authors-list-item.php
wordpress	www.wordpress.org/plugins/authors-list/
wpkube	www.wpkube.com/

03 Oct 2025 20:07Current

8.7High risk

Vulners AI Score8.7

CVSS 3.17.3

EPSS0.01479

SSVC