CVE-2024-10959
CVSS 3.1 Score 7.3 of 10 (high)
Details
Published Dec 10, 2024
CWE ID 94
Summary
CVE-2024-10959 is a vulnerability affecting the "Use constructor to create tables" plugin for WordPress, specifically the WooCommerce Active Products Tables component. This issue allows unauthenticated attackers to execute arbitrary shortcodes via the woot_get_smth AJAX action due to insufficient input validation during the execution of the do_shortcode function. Prior to version 1.0.6.6, the plugin failed to properly sanitize user-supplied data, enabling attackers to inject malicious shortcodes and potentially gain control of the targeted WordPress site.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share