PT-2025-7518 · WordPress · Custom Post Type Date Archives
Krzysztof Zając · Published 2025-02-22 · Updated 2025-02-23 · CVE-2025-1510
| CVSS v3.1 | 9.8 Critical |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The Custom Post Type Date Archives plugin for WordPress versions up to, and including, 2.7.1
Description
The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution. This issue arises because the software allows users to execute an action without properly validating a value before running do_shortcode. As a result, unauthenticated attackers can execute arbitrary shortcodes.
Recommendations
For versions up to, and including, 2.7.1, update the Custom Post Type Date Archives plugin to version 2.7.2 or later to fix the arbitrary shortcode execution vulnerability.
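The pattern named in the description, shown as an added WordPress example next to a hardened form. This is hypothetical code, not taken from the Custom Post Type Date Archives plugin or from this advisory; the AJAX entry point and every `example_*` name, action and parameter are assumptions made for illustration.

```php
<?php
// Added illustration of the bug class; hypothetical code, not the plugin's.
// Every example_* name, action and parameter here is invented.

// VULNERABLE PATTERN: a request value reaches do_shortcode() unvalidated.
function example_render_unsafe() {
    $content = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    // The caller decides which registered shortcode runs, and with what attributes.
    wp_send_json_success( do_shortcode( $content ) );
}
// A wp_ajax_nopriv_* hook is reachable without logging in.
add_action( 'wp_ajax_nopriv_example_unsafe', 'example_render_unsafe' );

// HARDENED PATTERN: the server builds the shortcode from allowlisted parts.
const EXAMPLE_ALLOWED_TAGS = array( 'example_calendar', 'example_archives' );
const EXAMPLE_ALLOWED_ATTS = array( 'post_type', 'year' );

function example_render_safe() {
    // Nonce check limits cross-site abuse; it is not authentication, so the
    // allowlists below remain the actual control for logged-out visitors.
    check_ajax_referer( 'example_render', 'nonce' );

    $tag = ( isset( $_POST['tag'] ) && is_string( $_POST['tag'] ) )
        ? sanitize_key( wp_unslash( $_POST['tag'] ) )
        : '';
    if ( ! in_array( $tag, EXAMPLE_ALLOWED_TAGS, true ) ) {
        wp_send_json_error( 'Unsupported shortcode', 400 ); // Terminates the request.
    }

    $shortcode = '[' . $tag;
    foreach ( EXAMPLE_ALLOWED_ATTS as $key ) {
        if ( isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ) {
            // sanitize_key() leaves only a-z, 0-9, "_" and "-", so the value
            // cannot close the attribute or open another shortcode.
            $value      = sanitize_key( wp_unslash( $_POST[ $key ] ) );
            $shortcode .= sprintf( ' %s="%s"', $key, $value );
        }
    }
    $shortcode .= ']';

    wp_send_json_success( do_shortcode( $shortcode ) );
}
add_action( 'wp_ajax_example_safe', 'example_render_safe' );
add_action( 'wp_ajax_nopriv_example_safe', 'example_render_safe' );
```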
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Custom Post Type Date Archives