CVE-2024-9578

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 13, 2024
CWE ID 862

Summary

CVE-2024-9578 is a vulnerability affecting the Hide Links plugin for WordPress. This issue allows unauthenticated attackers to execute arbitrary shortcodes on a target site due to the improper use of the do_shortcode function, which is hooked through the comment_text filter. Versions of the plugin up to and including 1.4.2 are susceptible to this exploit, potentially leading to serious security consequences.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share