CVE-2024-10633

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-95
View all →

Vulnerability Description

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Related Vulnerabilities

CVE-2019-9507

HIGH
CVSS:7.2(High)

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands wi...

CWE-952019

CVE-2023-0888

HIGH
CVSS:7.2(High)

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access t...

CWE-952023

CVE-2023-6735

HIGH
CVSS:7.8(High)

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

CWE-952023

CVE-2023-7101

HIGH
CVSS:7.8(High)

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated ...

CWE-952023

CVE-2023-7224

HIGH
CVSS:7.8(High)

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CWE-952023

CVE-2023-7245

HIGH
CVSS:7.8(High)

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via...

CWE-952023