Medium severity5.4NVD Advisory· Published Feb 27, 2024· Updated Apr 8, 2026
CVE-2024-1687
CVE-2024-1687
Description
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
Affected products
2cpe:2.3:a:villatheme:woocommerce_thank_you_page_customizer:*:*:*:*:free:wordpress:*:*+ 1 more
- cpe:2.3:a:villatheme:woocommerce_thank_you_page_customizer:*:*:*:*:free:wordpress:*:*range: <=1.1.3
- (no CPE)range: <=1.1.2
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changesetnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/310afe02-3a51-4633-b359-65ae58d0c032nvdThird Party Advisory
News mentions
0No linked articles in our index yet.