The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
History

Mon, 28 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Uiuxlab
Uiuxlab uix Shortcodes
CPEs cpe:2.3:a:uiuxlab:uix_shortcodes:*:*:*:*:*:*:*:*
Vendors & Products Uiuxlab
Uiuxlab uix Shortcodes
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 26 Oct 2024 09:45:00 +0000

Type Values Removed Values Added
Description The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Title Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-10-26T09:35:19.550Z

Updated: 2024-10-28T20:19:23.252Z

Reserved: 2024-10-09T20:49:59.396Z

Link: CVE-2024-9772

cve-icon Vulnrichment

Updated: 2024-10-28T20:19:16.160Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-26T10:15:10.747

Modified: 2024-10-28T13:58:09.230

Link: CVE-2024-9772

cve-icon Redhat

No data.