The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
History

Thu, 12 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Dec 2024 08:45:00 +0000

Type Values Removed Values Added
Description The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Title WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-12T08:22:34.360Z

Updated: 2024-12-12T14:47:05.955Z

Reserved: 2024-12-06T22:28:54.364Z

Link: CVE-2024-12333

cve-icon Vulnrichment

Updated: 2024-12-12T14:46:56.617Z

cve-icon NVD

Status : Received

Published: 2024-12-12T09:15:05.390

Modified: 2024-12-12T09:15:05.390

Link: CVE-2024-12333

cve-icon Redhat

No data.