7.3
CVE-2024-8481
- EPSS 0.62%
- Veröffentlicht 25.09.2024 03:15:04
- Zuletzt bearbeitet 08.04.2026 17:19:37
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSpecial Text Boxes <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution
Special Text Boxes <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.Mögliche Gegenmaßnahme
Special Text Boxes: Update to version 6.2.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Simplelib ≫ Special Text Boxes SwEditionfree SwPlatformwordpress Version <= 6.2.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Special Text Boxes
Version
*-6.2.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.451 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://www.wordfence.com/threat-intel/vulnerabilities/id/15b2a08f-2122-4eaf-ab46-1945cf6a68ca?source=cve
https://plugins.trac.wordpress.org/changeset/3166470/
https://plugins.trac.wordpress.org/tags/6.2.2/wp-special-textboxes/trunk/stb-class.php#L36
https://www.wordfence.com/threat-intel/vulnerabilities/id/15b2a08f-2122-4eaf-ab46-1945cf6a68ca