CVE-2024-8479
CVE-2024-8479 affects the WordPress plugin Simple Spoiler (versions 1.2–1.3). The vulnerability stems from the plugin adding the filter add_filter('comment_text','do_shortcode'), which causes all shortcodes in comments to be executed. This enables unauthenticated attackers to run arbitrary shortc...