CVE-2024-13793 – Walmart | WooCommerce Theme WordPress Shortcode Injection Vulnerability

May 8, 2025

CVE ID : CVE-2024-13793

Published : May 8, 2025, 5:15 a.m. | 1 hour, 23 minutes ago

Description : The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3419 – WordPress Eventin Plugin Arbitrary File Read Vulnerability

Next Article CVE-2025-32873 – Django Slow Denial-of-Service Vulnerability in HTML Tag Processing

Highlights

CVE-2025-3852 – WordPress WPshop E-Commerce Privilege Escalation Vulnerability

May 6, 2025

CVE ID : CVE-2025-3852

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user’s identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2024-13793 – Walmart | WooCommerce Theme WordPress Shortcode Injection Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

CES 2015 in Las Vegas: first impressions, 5 hot topics

CVE-2025-5627 – “Code-projects Patient Record Management System SQL Injection Vulnerability”

8 new features arriving with the August 2025 Security Update for Windows 11

CVE-2025-6634 – Autodesk 3ds Max Memory Corruption Vulnerability

CVE-2025-3852 – WordPress WPshop E-Commerce Privilege Escalation Vulnerability

CVE-2025-45938 – Akeles Out of Office Assistant for Jira XSS

Rilasciato KDE Frameworks 6.16: Miglioramenti nella Gestione della GPU e Nuove Funzionalità

CVE-2025-46338 – Audiobookshelf Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2024-13793 – Walmart | WooCommerce Theme WordPress Shortcode Injection Vulnerability

Related Posts