CVE-2024-12421

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 13, 2024
CWE ID 94

Summary

CVE-2024-12421 is a vulnerability in the Coupon Affiliates plugin for WooCommerce on WordPress. The issue stems from unvalidated user input, which leads to arbitrary shortcode execution. This flaw enables unauthenticated attackers to execute malicious code by inserting adversarial shortcodes. The vulnerability was also found to be exploitable for reflected cross-site scripting, which was patched in version 5.16.7.1. The arbitrary shortcode execution remained unaddressed in that release, however, and was eventually patched in version 5.16.7.2.
