CVE-2024-8479

Name of the Vulnerable Software and Affected Versions: The Simple Spoiler plugin for WordPress versions 1.2 to 1.3

Description: The issue is due to the plugin adding the filter add filter('comment text','do shortcode'), which runs all shortcodes in comments. This allows unauthenticated attackers to execute arbitrary shortcodes.

Recommendations: For versions 1.2 to 1.3, consider disabling the do shortcode function in the comment text filter until a patch is available. Restrict access to comments to minimize the risk of exploitation. Avoid using shortcodes in comments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.