WordPress So-Called Air Quotes plugin <= 0.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Avraham Shemesh in WordPress Plugin So-Called Air Quotes versions = 0.1...

CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to SQL Injection vulnerability

CSRF to SQL Injection vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.08...

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions = 5.25.08...

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by theviper17 in WordPress Plugin PDF for WPForms versions = 5.3.0...

CVE-2025-1437

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Advanced Woo Search 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Advanced Woo Search plugin <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via awssearchterms Shortcode vulnerability discovered by yudha in WordPress Plugin Advanced Woo Search versions = 3.28...

WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin 4.11.13-5.25.08 - CSRF to RCE vulnerability

CSRF to RCE vulnerability discovered by luckybuddy in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions 4.11.13-5.25.08...

WordPress plugin EZ SQL Reports Shortcode Widget and DB Backup 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress DesignThemes Core Features plugin <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin DesignThemes Core Features versions = 4.8...

CVE-2025-30541

CVE-2025-30541 is a CSRF vulnerability in the WordPress plugin “Info Boxes Shortcode and Widget.” Affected versions are up to 1.15 (from n/a through 1.15). The CVSS 3.1 base metrics indicate an overall MEDIUM impact (4.3), requiring user interaction with networked access and low attack complexity...

CVE-2025-30541 WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Info Boxes Shortcode and Widget allows Cross Site Request Forgery. This issue affects Info Boxes Shortcode and Widget: from n/a through 1.15...

CVE-2025-30541 WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in OTWthemes Info Boxes Shortcode and Widget info-boxes-shortcode-and-widget allows Cross Site Request Forgery.This issue affects Info Boxes Shortcode and Widget: from n/a through = 1.15...

WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Info Boxes Shortcode and Widget versions = 1.15...

WordPress plugin Info Boxes Shortcode and Widget 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Info Boxes...

CVE-2025-2262

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

VulnCheck KEV: CVE-2024-3808

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...