CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/12 12:0 a.m.•3 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS6.2AI score0.00113EPSS

EUVD•added 2026/04/14 6:43 a.m.•2 views

EUVD-2026-22223

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...

6.5CVSS6.2AI score0.00164EPSS

NVD•added 2026/04/08 7:16 a.m.•1 views

CVE-2026-3480

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an adminpost action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...

6.5CVSS0.00015EPSS

Exploits0References7

Vulnrichment•added 2026/04/08 6:43 a.m.•2 views

CVE-2026-3480 WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter

6.5CVSS6AI score0.00015EPSS

Exploits0References7

RedhatCVE•added 2026/03/26 3:6 p.m.•1 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00057EPSS

RedhatCVE•added 2026/03/26 3:6 p.m.•1 views

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

5.2CVSS6.1AI score0.00009EPSS

NVD•added 2026/03/21 4:17 a.m.•2 views

CVE-2026-4004

6.5CVSS0.00057EPSS

Exploits0References7

Vulnrichment•added 2026/03/21 3:26 a.m.•1 views

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.0016EPSS

Cvelist•added 2026/03/21 3:26 a.m.•25 views

CVE-2024-13785 Contact Form, Survey, Quiz & Popup Form Builder – ARForms <= 1.7.2 - Unauthenticated Blind Arbitrary Shortcode Execution

5.6CVSS0.0016EPSS

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26796

5.6CVSS6.2AI score0.0016EPSS

RedhatCVE•added 2026/02/19 1:28 p.m.•3 views

CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

5.4CVSS6.1AI score0.00015EPSS

CVE•added 2026/02/18 8:26 a.m.•8 views

CVE-2026-2127

CVE-2026-2127 describes an authenticated arbitrary shortcode execution flaw in the WordPress plugin SiteOrigin Widgets Bundle (versions

5.4CVSS6.1AI score0.00015EPSS

Exploits0References6

NVD•added 2025/12/09 4:17 p.m.•2 views

CVE-2025-13642

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

5.4CVSS0.0005EPSS

Exploits0References4

CVE•added 2025/11/17 10:27 p.m.•9 views

CVE-2025-7711

CVE-2025-7711 affects The Classified Listing – Classified ads & Business Directory Plugin for WordPress. The vulnerability arises from improper validation before do_shortcode, enabling authenticated users with Subscriber+ privileges to execute arbitrary shortcodes via listing descriptions. Affect...

5.4CVSS6.1AI score0.00047EPSS

RedhatCVE•added 2025/10/26 7:16 a.m.•4 views

CVE-2025-8483

The The Discussion Board – WordPress Forum Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.5.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. Th...

6.3CVSS6.5AI score0.00104EPSS

NVD•added 2025/10/25 7:15 a.m.•3 views

CVE-2025-8483

6.3CVSS0.00104EPSS

Positive Technologies•added 2025/10/25 12:0 a.m.•3 views

PT-2025-43727

Name of the Vulnerable Software and Affected Versions The Discussion Board – WordPress Forum Plugin versions prior to 2.5.5 Description The software allows users to execute an action that does not properly validate a value before running do shortcode. This can allow authenticated attackers with...

6.3CVSS7AI score0.00104EPSS

Exploits0References6

NVD•added 2025/09/09 5:15 a.m.•1 views

CVE-2025-9489

The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

5CVSS0.00097EPSS

Vulnrichment•added 2025/09/09 4:25 a.m.•2 views

CVE-2025-9489 WP-Members Membership Plugin <= 3.5.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Profile Names

5CVSS5.9AI score0.00097EPSS