CVE-2024-12333

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 94

Summary

CVE-2024-12333: The Woodmart theme for WordPress, versions up to 8.0.3, is susceptible to arbitrary shortcode execution. This vulnerability arises due to the theme's failure to adequately validate user input before processing it through the 'do_shortcode' function via the 'woodmart_instagram_ajax_query' AJAX action. As a result, unauthenticated attackers can manipulate and execute any arbitrary shortcode they desire.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share