Medium severity5.4NVD Advisory· Published May 8, 2024· Updated Apr 15, 2026

CVE-2024-4135

Description

The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Wp Latest Postsinferred2 versions
<=5.0.7+ 1 more
- (no CPE)range: <=5.0.7
- (no CPE)range: <=5.0.7
Package: https://wordpress.org/plugins/wp-latest-posts

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3081119/wp-latest-postsnvd
www.wordfence.com/threat-intel/vulnerabilities/id/57d90ba7-b655-4655-981c-548ff96c3bb7nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000