8990 matches found
CVE-2024-13812
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13812 Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13812
CVE-2024-13812 : The Anps Theme plugin for WordPress is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 1.1.1. The root cause is improper validation before running do_shortcode, enabling attackers to execute arbitrary shortcodes. The vulnerability i...
CVE-2024-13812 Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2801
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2025-2801
CVE-2025-2801 concerns the WordPress plugin abcsubmit (WordPress Form Builder) , where versions up to and including 1.2.4 are vulnerable. The root cause is improper validation before running the WordPress shortcode handler, allowing unauthenticated attackers to execute arbitrary shortcodes . Docu...
CVE-2025-2801 Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2025-2801 Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2025-3472
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
WordPress plugin Anps Theme plugin 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-17956 · Unknown · Anps Theme
Name of the Vulnerable Software and Affected Versions: The Anps Theme plugin versions up to, and including, 1.1.1 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value before running do...
PT-2025-17945 · WordPress · Smart Form Plugin
Name of the Vulnerable Software and Affected Versions: Create custom forms for WordPress with a smart form plugin for smart businesses versions 1.2.4 and earlier Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a...
CVE-2025-39432
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in antonchanning bbPress2 shortcode whitelist bbpress2-shortcode-whitelist allows Stored XSS.This issue affects bbPress2 shortcode whitelist: from n/a through = 2.2.1...
WordPress Flickr Shortcode Importer plugin <= 2.2.3 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin Flickr Shortcode Importer versions = 2.2.3...
WordPress BeerXML Shortcode plugin <= 0.7.1 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by ch4r0n in WordPress Plugin BeerXML Shortcode versions = 0.7.1...
WordPress GNA Search Shortcode plugin <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by johska in WordPress Plugin GNA Search Shortcode versions = 0.9.5...
CVE-2025-46540
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Search Shortcode: from n/a through = 0.9.5...
CVE-2025-46511
Server-Side Request Forgery SSRF vulnerability in Derek Springer BeerXML Shortcode beerxml-shortcode allows Server Side Request Forgery.This issue affects BeerXML Shortcode: from n/a through = 0.7.1...
CVE-2025-46481
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer flickr-shortcode-importer allows Object Injection.This issue affects Flickr Shortcode Importer: from n/a through = 2.2.3...
CVE-2025-46481 WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3...