4 matches found
WordPress Simple Spoiler Plugin <= 1.3 is vulnerable to Broken Access Control
Software Simple Spoiler Type Plugin Vulnerable versions = 1.3 Fixed in 1.4 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2024-8479 Patch priority Medium CVSS severity Medium 7.3 Developer Claim ownership PSID 5815e2232ebe Credits Francesco Carlucci Required privilege...
CVE-2024-8479
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...
CVE-2024-8479
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...
CVE-2024-8479 Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to...