CVE-2024-7381

CVSS V2 None CVSS V3 None
Description
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.
Overview
  • CVE ID
  • CVE-2024-7381
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-09-05T11:00:15.152Z
  • Last Modified Date
  • 2024-09-05T18:11:31.024Z
History
Created Old Value New Value Data Type Notes
2024-09-06 13:04:27 Added to TrackCVE