CVE-2024-9578
MEDIUM
Hide Links <= 1.4.2 - Unauthenticated Arbitrary Shortcode Execution via Comment Text Filter
Title source: llm
Description
The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.
Scores
CVSS v3: 5.3
EPSS: 0.0054
EPSS Percentile: 41.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-862
Status: published
Products (2)
avovkdesign/hide_links: < 1.4.2
egolacrima/Hide Links: < 1.4.2
Published: Nov 13, 2024
Tracked Since: Feb 18, 2026