VulnCheck KEV: CVE-2025-15488

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the updateresponsivewoofreeshippingleftshortcode AJAX action that does not properly validate the contentrechdata parameter before processi...

EUVD-2025-209044

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the updateresponsivewoofreeshippingleftshortcode AJAX action that does not properly validate the contentrechdata parameter before processi...

CVE-2025-15488

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the updateresponsivewoofreeshippingleftshortcode AJAX action that does not properly validate the contentrechdata parameter before processi...

CVE-2025-15488

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the updateresponsivewoofreeshippingleftshortcode AJAX action that does not properly validate the contentrechdata parameter before processi...

CVE-2025-15488 Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the updateresponsivewoofreeshippingleftshortcode AJAX action that does not properly validate the contentrechdata parameter before processi...

PT-2026-28213

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update responsive woo free shipping left shortcode AJAX action that does not properly validate the content rech data parameter before...

CVE-2024-13834

CVE-2024-13834 refers to a Server-Side Request Forgery in the WordPress plugin Responsive Plus (starter templates/advanced features/customizer) up to version 3.1.4, exploitable by an authenticated user with contributor+ rights via the remote_request function. The vulnerability allows web requests...

CVE-2024-13834 Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme <= 3.1.4 - Authenticated (Contributor+) Blind Server-Side Request Forgery via remote_request

The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remoterequest' function. This makes it possible for authenticated attacker...