PT-2026-28213 · WordPress · Responsive Plus

Alex Tselevich · Published 2026-03-26 · Updated 2026-03-26 · CVE-2025-15488

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions
Responsive Plus WordPress plugin versions prior to 3.4.3

Description
The software allows unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action without proper validation of the content_rech_data parameter. This can lead to arbitrary shortcode execution. The vulnerable action processes the content_rech_data parameter as a shortcode.

Recommendations
Update to version 3.4.3 or later.
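
For plugin authors reviewing their own AJAX handlers, the class of bug described above is shown next to a hardened form. This is an added example, not code from Responsive Plus or from the advisory; the action name example_update_shortcode, the content and nonce parameters, and the example_free_shipping tag are hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from Responsive Plus.
// The action name, parameter names and shortcode tag are invented for this example.

// Vulnerable pattern: the nopriv hook exposes the handler to logged-out
// visitors, there is no nonce, and the request body goes to do_shortcode().
add_action( 'wp_ajax_nopriv_example_update_shortcode', 'example_update_shortcode_unsafe' );
function example_update_shortcode_unsafe() {
    $content = wp_unslash( $_POST['content'] ?? '' );
    wp_send_json_success( do_shortcode( $content ) ); // every registered shortcode is reachable
}

// Hardened pattern (replaces the handler above): authenticated hook only,
// nonce and capability checks, rendering limited to allow-listed tags.
add_action( 'wp_ajax_example_update_shortcode', 'example_update_shortcode_safe' );
function example_update_shortcode_safe() {
    if ( ! check_ajax_referer( 'example_update_shortcode', 'nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $content = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    if ( ! is_string( $content ) || strlen( $content ) > 2000 ) {
        wp_send_json_error( 'invalid content', 400 );
    }
    $allowed = array( 'example_free_shipping' );
    wp_send_json_success( example_render_allowed_shortcodes( $content, $allowed ) );
}

// Render $content with only the allow-listed shortcode tags registered, so
// other tags (including nested ones) are left as inert text.
function example_render_allowed_shortcodes( $content, array $allowed_tags ) {
    global $shortcode_tags;
    $saved          = $shortcode_tags;
    $shortcode_tags = array_intersect_key( $saved, array_flip( $allowed_tags ) );
    try {
        return wp_kses_post( do_shortcode( $content ) );
    } finally {
        $shortcode_tags = $saved; // always restore the global registry
    }
}
```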


Related identifiers

CVE-2025-15488

Affected products

Responsive Plus