CVE-2024-12333

Name of the Vulnerable Software and Affected Versions Woodmart theme for WordPress versions up to 8.0.3

Description The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software permitting users to execute an action without properly validating a value before running do shortcode through the "woodmart instagram ajax query" AJAX action.

Recommendations For versions up to 8.0.3, update to a version later than 8.0.3 to resolve the issue. As a temporary workaround, consider disabling the woodmart instagram ajax query AJAX action until a patch is available. Restrict access to the do shortcode function to minimize the risk of exploitation.