5 matches found
CVE-2024-9578
creationtimestamp| type| source ---|---|--- 2024-11-13 04:07:10+00:00| seen| https://t.me/cvedetector/10765 2024-11-13 04:22:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113473731699729747...
CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...
CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...
CVE-2024-9578
CVE-2024-9578 : The Hide Links WordPress plugin is vulnerable in all versions up to and including 1.4.2, allowing unauthenticated attackers to execute arbitrary shortcodes by abusing do_shortcode via the comment_text filter. Impact is unauthenticated shortcode execution on the target site. Remedi...
WordPress Hide Links Plugin <= 1.4.2 is vulnerable to Broken Authentication
Software Hide Links Type Plugin Vulnerable versions = 1.4.2 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9578 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID 4b4a91ec2385 Credits Francesco...