The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
History

Mon, 16 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Dec 2024 08:45:00 +0000

Type Values Removed Values Added
Description The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Title WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-13T08:24:49.126Z

Updated: 2024-12-16T16:41:57.690Z

Reserved: 2024-12-10T16:20:17.012Z

Link: CVE-2024-12420

cve-icon Vulnrichment

Updated: 2024-12-16T15:59:42.485Z

cve-icon NVD

Status : Received

Published: 2024-12-13T09:15:08.627

Modified: 2024-12-13T09:15:08.627

Link: CVE-2024-12420

cve-icon Redhat

No data.