What the vulnerability does
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
IF AS Shortcode versions 1.2 and earlier contain a code injection vulnerability. An attacker with low-level site access can inject and execute arbitrary PHP code, gaining full control over the site. The vulnerability affects the confidentiality, integrity, and availability of the site. Update to a version newer than 1.2 immediately.
What an attacker can do
Run arbitrary PHP code on the site with full site privileges.
Potential impact on your site
Complete site compromise: data theft, malware injection, site defacement, or total takeover.
Conditions required to exploit
Attacker needs a low-privilege user account (subscriber or contributor level).