4 matches found

Patchstack
added 2024/09/16 12:0 a.m., 8 views

WordPress Simple Spoiler Plugin <= 1.3 is vulnerable to Broken Access Control

Software: Simple Spoiler; Type: Plugin; Vulnerable versions: = 1.3; Fixed in: 1.4; OWASP Top 10: A3: Injection; Classification: Broken Access Control; CVE: CVE-2024-8479; Patch priority: Medium; CVSS severity: Medium (7.3); PSID: 5815e2232ebe; Credits: Francesco Carlucci; Required privilege...

CVSS: 7.3, AI score: 6.8, EPSS: 0.00565
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2024/09/14 4:15 a.m., 8 views

CVE-2024-8479

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS: 7.3, EPSS: 0.00565
Exploits: 0, References: 3

OSV
added 2024/09/14 4:15 a.m., 4 views

CVE-2024-8479

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS: 7.3, AI score: 6.1, EPSS: 0.00565
Exploits: 0, References: 3

Vulnrichment
added 2024/09/14 3:19 a.m., 11 views

CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution

The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...

CVSS: 7.3, AI score: 7.5, EPSS: 0.00565
Exploits: 0, References: 3