CVE-2024-13806

Name of the Vulnerable Software and Affected Versions The Authors List plugin for WordPress versions up to and including 2.0.6

Description The issue arises from the software's failure to properly validate a value before executing the do shortcode action, allowing unauthenticated attackers to execute arbitrary shortcodes. This enables potential exploitation due to the lack of validation.

Recommendations For versions up to and including 2.0.6, update to a version that includes the necessary validation to prevent arbitrary shortcode execution. As a temporary workaround, consider restricting access to the shortcode execution functionality until a patch is available.