PT-2026-32600 · WordPress · Germanized For Woocommerce
Chiao-Lin Yu
·
Published
2026-04-14
·
Updated
2026-04-14
·
CVE-2026-2582
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Germanized for WooCommerce plugin for WordPress versions prior to 3.20.6
Description
The software allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the application fails to properly validate a value before running the
do shortcode() function via the account holder parameter.Recommendations
Update the plugin to a version later than 3.20.5.
As a temporary workaround, restrict access to the
account holder parameter to minimize the risk of exploitation.Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Germanized For Woocommerce