cleantalk
Vulnerabilities and Security Researches

Simple Spoiler, CVE-2024-8479

CVE, Research URL

CVE-2024-8479

Home page URL

Security reports for Simple Spoiler

Application

Simple Spoiler

Published on
Sep 14, 2024
Research Description
The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
Min 1.2, max 1.3.
Status
vulnerable
Previous vulnerability researches
Simple Spoiler (CVE-2024-8479) , Sep 15, 2024
Simple Spoiler (CVE-2024-35639) , Jun 07, 2024
Simple Spoiler (CVE-2025-31020) , Apr 11, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025