3 matches found
CVE-2024-4135
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to...
CVE-2024-4135 WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to...
WordPress WP Latest Posts Plugin <= 5.0.7 is vulnerable to Broken Access Control
Software WP Latest Posts Type Plugin Vulnerable versions = 5.0.7 Fixed in 5.0.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4135 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d50d11e9be4f Credits stealthcopter Required privile...