CVE-2024-8479

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-94
View all →

Vulnerability Description

The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Related Vulnerabilities

CVE-2005-3302

HIGH
CVSS:7.3(High)

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

CWE-942005

CVE-2016-7966

HIGH
CVSS:7.3(High)

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sig...

CWE-942016

CVE-2019-10173

HIGH
CVSS:7.3(High)

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attack...

CWE-942019

CVE-2022-0845

HIGH
CVSS:7.3(High)

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

CWE-942022

CVE-2022-28766

HIGH
CVSS:7.3(High)

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged ...

CWE-942022

CVE-2022-36069

HIGH
CVSS:7.3(High)

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are const...

CWE-942022