The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
History

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Dec 2024 08:45:00 +0000

Type Values Removed Values Added
Description The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Title Simple Link Directory <= 8.4.0 - Unauthenticated Arbitrary Shortcode Execution
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-13T08:24:51.341Z

Updated: 2024-12-16T16:41:33.641Z

Reserved: 2024-12-10T16:04:13.251Z

Link: CVE-2024-12417

cve-icon Vulnrichment

Updated: 2024-12-16T15:59:37.269Z

cve-icon NVD

Status : Received

Published: 2024-12-13T09:15:08.353

Modified: 2024-12-13T09:15:08.353

Link: CVE-2024-12417

cve-icon Redhat

No data.