
CVE-2024-13926 – WP-Syntax <= 1.2 - Author+ Potential ReDoS
https://notcve.org/view.php?id=CVE-2024-13926
19 Apr 2025 — The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS. • https://wpscan.com/vulnerability/b5f0092e-7cd5-412f-a8ea-7bd4a8bf86d2

CVE-2009-2852 – WP Syntax < 0.9.10 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2852
13 Apr 2009 — WP-Syntax plugin 0.9.1 and earlier for WordPress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. • https://www.exploit-db.com/exploits/9431 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection')