Arbitrary Shortcode Execution in CF7 WOW Styler Plugin for WordPress
CVE-2024-12419

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Design For Contact Form 7 Style WordPress Plugin – Cf7 Wow Styler
Vendor
CVE Published:
7 January 2025

What is CVE-2024-12419?

The CF7 WOW Styler plugin for WordPress contains a vulnerability that permits arbitrary shortcode execution due to improper validation of input values. This flaw affects all versions up to and including 1.7.0, allowing unauthenticated attackers to execute potentially harmful shortcodes within the WordPress environment. Although version 1.7.0 addressed associated Reflected Cross-Site Scripting risks, the vulnerability related to arbitrary shortcode execution remains unmitigated, posing significant security risks to users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler * <= 1.6.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/cf7-styler/tag...
https://plugins.trac.wordpress.org/browser/cf7-styler/tag...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Arkadiusz Hydzik
JSON
.