8984 matches found
CVE-2024-13346
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13345
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
PT-2025-6560 · WordPress · Customer Email Verification For Woocommerce
Name of the Vulnerable Software and Affected Versions: Customer Email Verification for WooCommerce plugin for WordPress versions up to, and including, 2.9.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including emails an...
PT-2025-6567 · WordPress · Front End Users
Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.30 Description: The issue is related to Stored Cross-Site Scripting via the plugin's forgot-password shortcode due to insufficient input sanitization and output escaping ...
CVE-2025-24564
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...
CVE-2025-24564 WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...
CVE-2025-24564
CVE-2025-24564 corresponds to a WordPress plugin vulnerability: WordPress plugin “Contact Form With Shortcode” (versions up to 4.2.5) suffers a Reflected XSS due to improper input neutralization during page generation. The issue is tracked across multiple feeds (Red Hat, NVD, CVE List) with the s...
CVE-2024-13814
The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...
WordPress plugin Contact Form With Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
PT-2025-7021 · Unknown · Contact Form With Shortcode
Name of the Vulnerable Software and Affected Versions: Contact Form With Shortcode versions n/a through 4.2.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited...
CVE-2024-13346
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13346
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13345
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13345
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13345 Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13345 Avada Builder <= 3.11.13 - Unauthenticated Arbitrary Shortcode Execution
The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13346
CVE-2024-13346 affects the Avada Theme for WordPress & WooCommerce (up to version 7.11.13). It enables unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode, potentially allowing code execution via shortcodes. Public exploits exist (example exploit scripts) ...
CVE-2024-13346 Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13346 Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
WordPress plugin Avada | Website Builder For WordPress & WooCommerce 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...