Arbitrary Shortcode Execution in CF7 WOW Styler Plugin for WordPress
CVE-2024-12419
6.5MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 7 January 2025
What is CVE-2024-12419?
The CF7 WOW Styler plugin for WordPress contains a vulnerability that permits arbitrary shortcode execution due to improper validation of input values. This flaw affects all versions up to and including 1.7.0, allowing unauthenticated attackers to execute potentially harmful shortcodes within the WordPress environment. Although version 1.7.0 addressed associated Reflected Cross-Site Scripting risks, the vulnerability related to arbitrary shortcode execution remains unmitigated, posing significant security risks to users.
Affected Version(s)
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler * <= 1.6.9