Vulnerability Details CVE-2024-9578
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.6%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-9578
-
cpe:2.3:a:avovkdesign:hide_links:*