PT-2024-39047 · WordPress · Special Text Boxes

Francesco Carlucci · Published 2024-09-24 · Updated 2024-12-26 · CVE-2024-8481

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress, versions up to and including 6.2.2.
Description: The plugin is vulnerable to arbitrary shortcode execution. It registers the filter add_filter('comment_text', 'do_shortcode');, which expands every shortcode found in comment text when comments are rendered, so an unauthenticated attacker who can submit a comment can execute arbitrary shortcodes.
Recommendations: For versions up to and including 6.2.2, consider removing the do_shortcode filter from comment_text to prevent arbitrary shortcode execution until a patch is available. Restrict who is allowed to comment to reduce exposure.
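The following is an added example, not code from the advisory or from the Special Text Boxes plugin. It places the filter registration the advisory describes (commented out) next to a defender's check-and-remove routine that a site owner could run from a must-use plugin until the plugin is patched. It assumes the plugin attaches do_shortcode at WordPress' default priority 10; if the plugin used a different priority, remove_filter() must be called with that value instead. The function names prefixed stb_example_ are hypothetical.

```php
<?php
/**
 * Added example (not code from the advisory or the Special Text Boxes plugin).
 *
 * Left side of the story: the filter registration described in the advisory.
 * Right side: a check that reports whether the dangerous filter is attached,
 * and a hardening routine that detaches it and strips shortcode tags from
 * comment text as defence in depth.
 *
 * Assumption (not stated on the page): the plugin registers the filter with
 * WordPress' default priority 10, so remove_filter() must use the same value.
 */

// --- What the vulnerable plugin does (per the advisory) --------------------
// Every shortcode in every comment is expanded on output, whoever posted it.
// add_filter( 'comment_text', 'do_shortcode' );

// --- Detection: is do_shortcode still attached to comment_text? ------------
// has_filter() returns the priority (int) when the callback is attached,
// and false when it is not, so compare strictly against false.
function stb_example_comment_shortcodes_enabled(): bool {
    return false !== has_filter( 'comment_text', 'do_shortcode' );
}

// --- Mitigation: detach the filter and neutralise shortcode tags -----------
function stb_example_harden_comments(): void {
    if ( stb_example_comment_shortcodes_enabled() ) {
        // Priority 10 is the assumed value; remove_filter() returns false
        // (and leaves the filter in place) if the priority does not match.
        remove_filter( 'comment_text', 'do_shortcode', 10 );
    }

    // Defence in depth: strip any registered shortcode tags from comment text
    // before other comment_text filters run (priority 0), so that even if
    // something re-attaches do_shortcode later, there is nothing left to expand.
    add_filter( 'comment_text', 'strip_shortcodes', 0 );
}

// Must-use plugins load before regular plugins, so hook into 'init': by then
// the vulnerable plugin has already called add_filter() and we can undo it.
add_action( 'init', 'stb_example_harden_comments' );
```

Dropping this file into wp-content/mu-plugins/ activates it without further configuration. The detection function can also be called from WP-CLI (wp eval) to confirm, after the plugin is updated, that the filter is no longer attached.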

Weakness Enumeration: Code Injection
Related Identifiers: CVE-2024-8481
Affected Products: Special Text Boxes