Approved changes feed: RSS · Atom

cpe:2.3:a:joomunited:wp_latest_posts:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorJoomunited (ac4800e3-8d14-52d4-a07b-f57bf4934a04)
ProductWp Latest Posts (ca00f7af-dace-5cb2-a58e-0b865f56623b)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/wp-plugins/wp-latest-posts purl2cpe 2026-06-01 10:11:30.901818

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-4135 vulnerable 2026-06-08 06:50:17.081225 WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
MEDIUM (5.4)
The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Published: 2024-05-08T09:31:35.378Z
Updated: 2026-04-08T16:54:28.700Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.