8984 matches found
CVE-2024-13895
CVE-2024-13895 applies to the WordPress plugin Code Snippets CPT and affects versions up to 2.1.0. The root cause is insufficient validation of values before the plugin runs do_shortcode, allowing an authenticated user with Subscriber-level access or higher to trigger ...
CVE-2024-13895 Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2025-1481 Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export
The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the downloadbackup function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress Code Snippets CPT plugin <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Code Snippets CPT versions <= 2.1.0...
WordPress plugin Shortcode Cleaner Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin WP-Recall information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information...
CVE-2024-13815
The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-13757
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11731
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13815
CVE-2024-13815 concerns the Listingo WordPress theme (
CVE-2024-13815 Listingo - Business Listing and Directory WordPress Theme <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution
The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
WordPress Master Slider plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via ms_slider Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Master Slider versions <= 3.10.7...
WordPress Listingo plugin <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme Listingo versions <= 3.2.7...
CVE-2025-0512
The Structured Content JSON-LD wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13806
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution
The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...