Arbitrary Shortcode Execution Vulnerability in The Authors List Plugin
CVE-2024-10952
7.3 HIGH
What is CVE-2024-10952?
The Authors List plugin for WordPress is affected by an arbitrary shortcode execution vulnerability. The update_authors_list_ajax AJAX action does not properly validate user-supplied input before running do_shortcode. As a result, unauthenticated attackers can run arbitrary shortcodes, potentially leading to unauthorized actions and code execution within WordPress environments. All versions of the plugin up to and including 2.0.4 are affected, so affected sites should update promptly.
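The class of bug described above, shown as an added example beside a hardened handler. This is not the Authors List plugin's code: the action name example_update_list, the request fields, the nonce action and the [example_list] shortcode are hypothetical; only the WordPress core functions are real.

```php
<?php
// Added illustration; NOT the Authors List plugin's code. The action name
// "example_update_list", the request fields, the nonce action and the
// [example_list] shortcode are hypothetical.

// Weak pattern: an AJAX handler that hands a request-supplied string to
// do_shortcode(), so the caller decides which registered shortcode runs.
function example_update_list_weak() {
    $markup = wp_unslash( $_POST['shortcode'] ?? '' );
    wp_send_json_success( do_shortcode( $markup ) );
}

// Hardened pattern: the shortcode tag is fixed server-side and the request
// may only supply values for an allowlisted set of attributes.
function example_update_list_hardened() {
    // Nonce check is CSRF protection only; anonymous visitors share one
    // nonce, so it is not authorization. The allowlist below is the fix.
    if ( ! check_ajax_referer( 'example_update_list', 'nonce', false ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }

    // Attribute name => sanitizer applied to its value.
    $allowed = array( 'per_page' => 'absint', 'order' => 'sanitize_key' );
    $raw     = isset( $_POST['atts'] ) && is_array( $_POST['atts'] )
        ? wp_unslash( $_POST['atts'] )
        : array();

    $attr_string = '';
    foreach ( $allowed as $name => $sanitizer ) {
        if ( isset( $raw[ $name ] ) && is_scalar( $raw[ $name ] ) ) {
            $value        = call_user_func( $sanitizer, $raw[ $name ] );
            $attr_string .= sprintf( ' %s="%s"', $name, esc_attr( $value ) );
        }
    }

    // Only this one shortcode can ever be rendered by the endpoint.
    wp_send_json_success( do_shortcode( '[example_list' . $attr_string . ']' ) );
}

// Register only the hardened handler, for logged-in and anonymous visitors.
add_action( 'wp_ajax_example_update_list', 'example_update_list_hardened' );
add_action( 'wp_ajax_nopriv_example_update_list', 'example_update_list_hardened' );
```

Because sanitize_key and absint strip brackets and quotes, a request value cannot close the fixed tag and open a second shortcode.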
Affected Version(s)
Authors List * <= 2.0.4