CVE-2024-13453

Name of the Vulnerable Software and Affected Versions The Contact Form & SMTP Plugin for WordPress by PirateForms versions up to, and including, 2.6.0

Description The issue arises from the software allowing users to execute an action that does not properly validate a value before running do shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The problem is due to insufficient validation of a value, which enables the execution of arbitrary shortcodes by attackers without authentication.

Recommendations For versions up to, and including, 2.6.0, update to a version higher than 2.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the do shortcode function until a patch is available. Avoid using the plugin until the issue is resolved.