A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them.

The flaw is rather straightforward and stems from the fact that one API endpoint called /api/v1/validate/code had missing authentication checks and passed code to the Python exec function.