4 matches found
CVE-2024-8481
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...
CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...
CVE-2024-8481
CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.
WordPress Special Text Boxes Plugin <= 6.2.2 is vulnerable to Bypass Vulnerability
Software Special Text Boxes Type Plugin Vulnerable versions = 6.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Bypass Vulnerability CVE CVE-2024-8481 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID ff741af18511 Credits Francesco Carlucci Required privilege...