Vulnerabilities and security researches forwp-syntax wp-syntax

Jun 07, 2024

CVE, Research URL: CVE-2009-2852
Home page URL: Security reports for WP-Syntax
Application: WP-Syntax
Date: Aug 19, 2009
Research Description: WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
Affected versions: Min -, max -.
Status: vulnerable

Apr 22, 2025

CVE, Research URL: CVE-2024-13926
Home page URL: Security reports for WP-Syntax
Application: WP-Syntax
Date: Apr 19, 2025
Research Description: The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.
Affected versions: Min -, max -.
Status: vulnerable