Germanized For Woocommerce

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-2582 MEDIUM This Month

Unauthenticated attackers can execute arbitrary WordPress shortcodes in the Germanized for WooCommerce plugin (all versions up to 3.20.5) via the 'account_holder' parameter, which bypasses shortcode validation in the do_shortcode() function. This enables remote code execution with medium severity (CVSS 6.5) affecting any WordPress site with the vulnerable plugin installed. No public exploit code or active exploitation has been confirmed at the time of analysis.

Code Injection RCE WordPress Germanized For Woocommerce

NVD

CVSS 3.1

6.5

EPSS

0.1%

CVE-2026-2582

EPSS 0% CVSS 6.5

MEDIUM This Month

Unauthenticated attackers can execute arbitrary WordPress shortcodes in the Germanized for WooCommerce plugin (all versions up to 3.20.5) via the 'account_holder' parameter, which bypasses shortcode validation in the do_shortcode() function. This enables remote code execution with medium severity (CVSS 6.5) affecting any WordPress site with the vulnerable plugin installed. No public exploit code or active exploitation has been confirmed at the time of analysis.

Code Injection RCE WordPress +1

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy