Unauthenticated Shortcode Execution Vulnerability in Special Text Boxes Plugin
CVE-2024-8481

7.3HIGH

Key Information:

Vendor: Wordpress
Status: Special Text Boxes
Vendor: CVE Published:; 25 September 2024

What is CVE-2024-8481?

The Special Text Boxes plugin for WordPress contains a vulnerability that permits arbitrary shortcode execution within comment sections. This flaw exists in all versions up to and including 6.2.2, stemming from the addition of the filter 'add_filter('comment_text', 'do_shortcode');'. This configuration enables unauthenticated attackers to execute malicious shortcodes by injecting them into comments, posing serious security risks for websites using this plugin. Administrators are advised to immediately review their plugin versions and consider applying the necessary patches or disabling the plugin until a secure version is released.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-special-tex...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024

JSON

Wordpress

What is CVE-2024-8481?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.