CVE-2024-10970

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Related Vulnerabilities

CVE-2017-1242

MEDIUM
CVSS:5.4(Medium)

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro...

CWE-942017

CVE-2017-1329

MEDIUM
CVSS:5.4(Medium)

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro...

CWE-942017

CVE-2017-1753

MEDIUM
CVSS:5.4(Medium)

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-942017

CVE-2017-6782

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The v...

CWE-942017

CVE-2021-32809

MEDIUM
CVSS:5.4(Medium)

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. Th...

CWE-942021

CVE-2022-23008

MEDIUM
CVSS:5.4(Medium)

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to i...

CWE-942022