CVE-2024-12421
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Dec 13, 2024
CWE ID 94
Summary
CVE-2024-12421 is a vulnerability in the Coupon Affiliates plugin for WooCommerce on WordPress. The issue stems from unvalidated user input that leads to arbitrary shortcode execution. The flaw lets unauthenticated attackers execute malicious code by inserting adversarial shortcodes. The same vulnerability was also found to be exploitable for Reflected Cross-Site Scripting, which was patched in version 5.16.7.1. The arbitrary shortcode execution remained unaddressed by that release and was patched in version 5.16.7.2.