CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12415 – AI Infographic Maker <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-12415
30 Jan 2025 — The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/infographic-and-list-builder-ilist/trunk/embed/qcld-embed-link.php#L46 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5858 – Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update
https://notcve.org/view.php?id=CVE-2024-5858
14 Jun 2024 — The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles. El complemento AI Infographic Maker para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la ... • https://plugins.trac.wordpress.org/browser/infographic-and-list-builder-ilist/trunk/qc-project-ilist-ajax.php?rev=3102295#L447 • CWE-862: Missing Authorization •