7.3

CVE-2024-8478

Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution

Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution

The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Mögliche Gegenmaßnahme
Affiliate Super Assistent: Update to version 1.5.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IfeelwebAffiliate Super Assistent SwPlatformwordpress Version < 1.5.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Affiliate Super Assistent
Version *-1.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.454
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://plugins.trac.wordpress.org/browser/amazonsimpleadmin/trunk/AsaCore.php#L285
Product
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3147740%40amazonsimpleadmin&new=3147740%40amazonsimpleadmin&sfp_email=&sfph_mail=
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/7f50769c-77b8-42ff-b67d-b9b289fc51da?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/7f50769c-77b8-42ff-b67d-b9b289fc51da
Third Party Advisory