Arbitrary Shortcode Execution Vulnerability in WordPress Popular Posts Plugin by WordPress
CVE-2024-11733
7.3HIGH
What is CVE-2024-11733?
The WordPress Popular Posts plugin, utilized widely within WordPress sites, exhibits a severe vulnerability that facilitates arbitrary shortcode execution. This flaw stems from the plugin's failure to properly validate values prior to executing the do_shortcode function, potentially allowing unauthenticated attackers to run arbitrary shortcodes. All versions of the plugin up to and including 7.1.0 are impacted, making it imperative for site administrators to apply mitigations to safeguard their websites from possible exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WordPress Popular Posts * <= 7.1.0
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published