CVE-2024-12420
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Dec 13, 2024
CWE ID 94
Summary
CVE-2024-12420: The WPMobile.App plugin for WordPress, used in both Android and iOS mobile applications, contains a vulnerability that allows arbitrary shortcode execution. This issue arises due to the plugin's failure to properly validate user input before running do_shortcode. Consequently, unauthenticated attackers can exploit this vulnerability to execute arbitrary shortcodes and potentially gain unauthorized access or control. Versions up to and including 11.52 are affected.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share