Arbitrary Shortcode Execution Vulnerability in Germanized for WooCommerce Plugin by WordPress
CVE-2026-2582

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 14 April 2026

What is CVE-2026-2582?

The Germanized for WooCommerce plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes through the 'account_holder' parameter. The vulnerability arises from insufficient validation of user input before it is processed, and it affects all versions up to and including 3.20.5. Administrators should remediate immediately by updating to the latest version.

Affected Version(s)

Germanized for WooCommerce: versions 0 through 3.20.5 (inclusive)

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Chiao-Lin Yu