CVE-2024-10959

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Dec 10, 2024
CWE ID 94

Summary

CVE-2024-10959 is a vulnerability affecting the "Use constructor to create tables" plugin for WordPress, specifically the WooCommerce Active Products Tables component. This issue allows unauthenticated attackers to execute arbitrary shortcodes via the woot_get_smth AJAX action due to insufficient input validation during the execution of the do_shortcode function. Prior to version 1.0.6.6, the plugin failed to properly sanitize user-supplied data, enabling attackers to inject malicious shortcodes and potentially gain control of the targeted WordPress site.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share