cleantalk
Vulnerabilities and Security Researches

WPMobile.App — Android and iOS Mobile Application, CVE-2024-12420

CVE, Research URL

CVE-2024-12420

Home page URL

Security reports for WPMobile.App — Android and iOS Mobile Application

Application

WPMobile.App — Android and iOS Mobile Application

Published on
Dec 13, 2024
Research Description
The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
max 11.53.
Status
vulnerable
Previous vulnerability researches
WPMobile.App — Android and iOS Mobile Application (CVE-2024-12420) , Dec 15, 2024
WPMobile.App — Android and iOS Mobile Application (CVE-2025-62074) , Nov 11, 2025
WPMobile.App — Android and iOS Mobile Application (CVE-2024-43933) , Aug 29, 2024
WPMobile.App — Android and iOS Mobile Application (CVE-2024-47349) , Oct 03, 2024
WPMobile.App — Android and iOS Mobile Application (CVE-2023-22702) , Jun 07, 2024
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025