cleantalk
Vulnerabilities and Security Researches

WP Latest Posts, CVE-2024-4135

CVE, Research URL

CVE-2024-4135

Home page URL

Security reports for WP Latest Posts

Application

WP Latest Posts

Published on
May 08, 2024
Research Description
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
max 5.0.8.
Status
vulnerable
Previous vulnerability researches
WP Latest Posts (CVE-2026-9620) , Jun 25, 2026
WP Latest Posts (CVE-2016-10913) , Jun 07, 2024
WP Latest Posts (CVE-2024-4135) , Jun 07, 2024
New vulnerability
WP Activity Log (CVE-2026-56005) , Jun 25, 2026
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin (CVE-2026-7761) , Jun 25, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin (CVE-2026-54830) , Jun 25, 2026
MapPress Maps for WordPress (CVE-2026-56011) , Jun 25, 2026
WP Photo Album Plus (CVE-2026-54829) , Jun 25, 2026