Platform: wordpress
Component: wolmart
Fixed in: 1.8.12
CVE-2024-13793 describes an arbitrary shortcode execution vulnerability discovered in the Wolmart | Multi-Vendor Marketplace WooCommerce Theme. This flaw allows unauthenticated attackers to inject and execute malicious shortcodes, potentially compromising the entire WordPress site. The vulnerability affects versions of the theme up to and including 1.8.11. A patch is expected from the vendor.
The impact of this vulnerability is significant. Successful exploitation allows an attacker to execute arbitrary shortcodes, effectively granting them control over the website's functionality. This could lead to the injection of malicious content, redirection to phishing sites, defacement of the website, or even complete website takeover. The ability to execute arbitrary shortcodes bypasses standard WordPress security measures, making this a particularly dangerous vulnerability. Attackers could leverage this to steal sensitive user data, install malware, or use the compromised site as a launchpad for further attacks.
This vulnerability was publicly disclosed on 2025-05-08. There are currently no known public exploits, but the ease of exploitation makes it a likely target for attackers. The vulnerability's impact and ease of exploitation could lead to it being added to the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for updates.
Websites using the Wolmart | Multi-Vendor Marketplace WooCommerce Theme, particularly those with user-generated content or allowing user input in areas that utilize shortcodes, are at significant risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r 'do_shortcode' /var/www/html/wp-content/themes/wolmart/
• wordpress / composer / npm:
wp theme list | grep wolmart
• wordpress / composer / npm:
wp theme update wolmart
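The advisory's version boundary (affected up to and including 1.8.11, fixed in 1.8.12) can be checked directly against the theme's style.css header. The script below is an added example, not code from the vendor or from this advisory; the function names are hypothetical and it assumes the theme directory contains a standard WordPress style.css header.

```shell
#!/bin/sh
# Added example (not vendor code): classify a Wolmart theme copy against the
# advisory's range: affected up to and including 1.8.11, fixed in 1.8.12.
FIXED_VERSION="1.8.12"

# Print the Version: field from the header comment of <theme dir>/style.css.
theme_version() {
    _css="$1/style.css"
    [ -r "$_css" ] || return 1
    # WordPress reads header fields from the top of the file; tolerate CRLF
    # line endings and a leading " * " on each header line.
    head -n 60 "$_css" | tr -d '\r' |
        sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*$/\1/p' |
        head -n 1
}

# Succeed when dotted version $1 is strictly lower than $2, comparing each
# component numerically (so 1.8.9 < 1.8.12, which a string compare gets wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "affected <v>", "patched <v>" or "unknown"; exit status 1, 0 or 2.
check_wolmart() {
    _ver="$(theme_version "$1")" || _ver=""
    if [ -z "$_ver" ]; then
        echo "unknown"; return 2
    fi
    if version_lt "$_ver" "$FIXED_VERSION"; then
        echo "affected $_ver"; return 1
    fi
    echo "patched $_ver"; return 0
}

# When called with a path, e.g. /var/www/html/wp-content/themes/wolmart
if [ "$#" -gt 0 ]; then check_wolmart "$1"; fi
```

Point it at the parent theme directory; a child theme's style.css carries its own version number and says nothing about the Wolmart code underneath it.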
Exploit status
EPSS
1.32% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Wolmart | Multi-Vendor Marketplace WooCommerce Theme to a patched version as soon as it becomes available. Until the patch is released, consider implementing temporary workarounds. Disable shortcode execution in user-controllable areas of the theme. Implement strict input validation and sanitization on all user-supplied data used in shortcode processing. Web Application Firewalls (WAFs) configured to block suspicious shortcode patterns can provide an additional layer of protection. Regularly scan the WordPress installation for unauthorized shortcodes using security plugins.
Update the Wolmart theme to the latest available version. This will fix the arbitrary shortcode execution vulnerability.
CVE-2024-13793 is a HIGH severity vulnerability affecting the Wolmart WooCommerce theme, allowing unauthenticated attackers to execute arbitrary shortcodes due to insufficient input validation.
You are affected if you are using Wolmart theme versions 1.8.11 or earlier. Check your theme version and upgrade immediately.
Upgrade the Wolmart theme to the latest patched version as soon as it's available. Until then, consider temporary workarounds like disabling shortcode execution in user-controllable areas.
While no public exploits are currently known, the vulnerability's ease of exploitation makes it a likely target for attackers. Monitor security advisories.
Check the official Wolmart theme website and WordPress plugin repository for updates and security advisories related to CVE-2024-13793.