The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Metrics
Affected Vendors & Products
References
History
Wed, 02 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Blogcoding
Blogcoding special Text Boxes |
|
CPEs | cpe:2.3:a:blogcoding:special_text_boxes:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Blogcoding
Blogcoding special Text Boxes |
Wed, 25 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Minimus
Minimus special Text Boxes |
|
CPEs | cpe:2.3:a:minimus:special_text_boxes:*:*:*:*:*:*:*:* | |
Vendors & Products |
Minimus
Minimus special Text Boxes |
|
Metrics |
ssvc
|
Wed, 25 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |
Title | Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution | |
Weaknesses | CWE-94 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-25T02:05:00.954Z
Updated: 2024-09-25T14:10:55.014Z
Reserved: 2024-09-05T15:54:41.396Z
Link: CVE-2024-8481
Vulnrichment
Updated: 2024-09-25T14:07:47.804Z
NVD
Status : Analyzed
Published: 2024-09-25T03:15:04.593
Modified: 2024-10-02T17:59:52.013
Link: CVE-2024-8481
Redhat
No data.