PT-2026-4326 · WordPress · Buddypress

Michael Mazzolini · Published 2026-01-23 · Updated 2026-01-28 · CVE-2024-11976

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: BuddyPress plugin for WordPress versions prior to 14.3.4
Description: The BuddyPress plugin for WordPress is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate input before running the `do_shortcode` function, which allows unauthenticated attackers to execute arbitrary shortcodes.
Recommendations: Update the BuddyPress plugin to version 14.3.4 or later.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2024-11976

Affected Products

Buddypress