19 matches found
CVE-2026-3481
The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to insufficient input sanitization and output escaping in the rendershortcodepreview function. The function receives user inpu...
EUVD-2026-20103
The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the rendershortcodepreview function. This function lacks any capability check...
WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability
Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability discovered by abrahack in WordPress Plugin GamiPress versions <= 7.2.1...
EUVD-2025-197883
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...
CVE-2025-8105
The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2025-8105
CVE-2025-8105 relates to the Soledad WordPress theme (versions ≤ 8.6.7). The vulnerability allows unauthenticated attackers to trigger arbitrary shortcode execution via do_shortcode due to insufficient value validation. Multiple sources (Wordfence, NVD, patched advisories) confirm the issue and i...
PT-2025-33593 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress versions prior to 4.16.5 Description: The ProfilePress WordPress plugin is susceptible to arbitrary shortcode execution. The software does not properly validate a value before running do_shortcode, allowing unauthenticated...
WordPress plugin Avada | Website Builder For WordPress & WooCommerce code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
PT-2025-6454 · WordPress · The Global Gallery
Name of the Vulnerable Software and Affected Versions: The Global Gallery - WordPress Responsive Gallery plugin for WordPress versions up to, and including, 9.1.5 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before...
WordPress plugin GamiPress code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
PT-2025-2189 · WordPress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue arises due to the software allowing users to execute an action that does not properly...
PT-2025-2191 · WordPress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue is related to arbitrary shortcode execution via the gamipress_do_shortcode function. This ...
PT-2025-1617 · WordPress · The Motors – Car Dealer
Name of the Vulnerable Software and Affected Versions: The Motors – Car Dealer, Classifieds & Listing plugin for WordPress versions 1.4.43 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes due to the software...
PT-2024-17378 · WordPress · Kk Star Ratings
Name of the Vulnerable Software and Affected Versions: The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress versions up to, and including, 5.4.10 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action...
WordPress plugin Grid Plus code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress plugin The WP Photo Album Plus code injection vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Give is a fundraising platform plugin used in it. WordPress plugin is an application...
WordPress plugin The FOX code injection vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Give is a fundraising platform plugin used in it. WordPress plugin is an application...
PT-2024-39047 · WordPress · Special Text Boxes
Name of the Vulnerable Software and Affected Versions: The Special Text Boxes plugin for WordPress versions up to and including 6.2.2 Description: The issue is related to arbitrary shortcode execution. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode');, which run...