First published: Sat Mar 15 2025(Updated: )
Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ohio Extra allows Code Injection. This issue affects Ohio Extra: from n/a through 3.4.7.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
NotFound Ohio | <=3.4.7 | |
WordPress Ohio Theme Extra plugin | <=3.4.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-26924 has a moderate severity level due to its potential for code injection.
To fix CVE-2025-26924, upgrade Ohio Extra and the Ohio Theme Extra plugin to version 3.4.8 or higher.
CVE-2025-26924 can facilitate code injection attacks, allowing attackers to execute arbitrary code.
CVE-2025-26924 affects Ohio Extra versions up to and including 3.4.7.
Yes, CVE-2025-26924 is specifically associated with the Ohio Theme Extra plugin for WordPress.