Close Menu
    Subscribe
    Alerts

    CVE-2026-2582 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via ‘account_holder’ parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

    PUBLISHED Reserved 2026-02-16 | Published 2026-04-14 | Updated 2026-04-14 | Assigner Wordfence

    MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

    Problem types

    CWE-94 Improper Control of Generation of Code (‘Code Injection’)

    Product status

    Default status
    unaffected

    Any version
    affected

    Timeline

    2026-02-07: Discovered
    2026-03-30: Vendor Notified
    2026-04-13: Disclosed

    Credits

    Chiao-Lin Yu finder

    References

    www.wordfence.com/…-576f-4c25-9540-6144ddc8630e?source=cve

    plugins.trac.wordpress.org/…c-gzd-gateway-direct-debit.php

    plugins.trac.wordpress.org/…c-gzd-gateway-direct-debit.php

    cve.org (CVE-2026-2582)

    nvd.nist.gov (CVE-2026-2582)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.