CVE-2024-8254

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Related Vulnerabilities

CVE-2017-18468

MEDIUM
CVSS:6.3(Medium)

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

CWE-942017

CVE-2018-20931

MEDIUM
CVSS:6.3(Medium)

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

CWE-942018

CVE-2019-1577

MEDIUM
CVSS:6.3(Medium)

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.

CWE-942019

CVE-2020-11056

MEDIUM
CVSS:6.3(Medium)

In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has...

CWE-942020

CVE-2023-26877

MEDIUM
CVSS:6.3(Medium)

File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.

CWE-942023

CVE-2023-27897

MEDIUM
CVSS:6.3(Medium)

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an ...

CWE-942023