VYPR
Medium severity5.4NVD Advisory· Published Feb 27, 2024· Updated Apr 8, 2026

CVE-2024-1687

CVE-2024-1687

Description

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.

Affected products

2
  • cpe:2.3:a:villatheme:woocommerce_thank_you_page_customizer:*:*:*:*:free:wordpress:*:*+ 1 more
    • cpe:2.3:a:villatheme:woocommerce_thank_you_page_customizer:*:*:*:*:free:wordpress:*:*range: <=1.1.3
    • (no CPE)range: <=1.1.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.