CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description (NVD)
The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Analysis (AI)
Unauthenticated attackers can execute arbitrary WordPress shortcodes in the Germanized for WooCommerce plugin (all versions up to and including 3.20.5) via the 'account_holder' parameter, whose value is passed to do_shortcode() without proper validation. This enables remote code execution with medium severity (CVSS 6.5) affecting any WordPress site with the vulnerable plugin installed. …
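For triage on sites that cannot be updated immediately, the following added example (not code from the plugin, NVD or this page's source) scans URL-encoded request parameters and flags any `account_holder` value that contains shortcode syntax. The record layout, the sample values and the handling of nested keys such as `data[account_holder]` are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Opening or closing WordPress shortcode tag, e.g. [name attr="x"] or [/name].
SHORTCODE_RE = re.compile(r"\[/?[A-Za-z][\w-]*(?:\s[^\]]*)?/?\]")
PARAM = "account_holder"  # parameter named in the advisory


def shortcodes_in(value):
    """Return shortcode-like tags in value, trying one extra decode pass."""
    hits = SHORTCODE_RE.findall(value)
    if not hits:
        # Catch double-encoded input such as %255B...%255D.
        hits = SHORTCODE_RE.findall(unquote_plus(value))
    return hits


def flag_requests(records):
    """records: iterable of (client_ip, urlencoded_params) pairs.

    Returns a list of (client_ip, [tags]) for requests whose account_holder
    value carries shortcode syntax. Other parameters are ignored.
    """
    findings = []
    for client_ip, params in records:
        for key, value in parse_qsl(params, keep_blank_values=True):
            # Assumed layouts: a flat field or a nested one, foo[account_holder].
            if key == PARAM or key.endswith("[" + PARAM + "]"):
                tags = shortcodes_in(value)
                if tags:
                    findings.append((client_ip, tags))
    return findings


# Constructed sample data (not captured traffic); shortcode names are placeholders.
SAMPLE = [
    ("192.0.2.10", "account_holder=Erika+Mustermann"),
    ("198.51.100.7", "account_holder=%5Bexample_shortcode+id%3D%221%22%5D"),
    ("198.51.100.8", "account_holder=%255Bexample_shortcode%255D"),
    ("192.0.2.11", "note=%5Bgallery%5D&account_holder=Max+Muster"),
]

if __name__ == "__main__":
    for ip, tags in flag_requests(SAMPLE):
        print(ip, tags)
```

A legitimate account holder name has no reason to contain square-bracket tags, so hits are worth reviewing even after the plugin is updated.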
EUVD-2026-22223