CVE-2024-13792

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 20, 2025

Updated: Feb 25, 2025

CWE ID 94

Summary

CVE-2024-13792: The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress contains a vulnerability that allows unauthenticated attackers to execute arbitrary shortcodes. This issue arises due to the plugin's failure to properly validate user inputs before running do_shortcode. Consequentially, an attacker can inject malicious shortcodes, potentially leading to site compromise or data theft. Updates to version 3.3.3 and above resolve this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/26BmI9
https://www.cve.org/CVERecord?id=CVE-2024-13792
https://nvd.nist.gov/vuln/detail/CVE-2024-13792

Back to Vulnerability Database

CVE-2024-13792

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations