8984 matches found
Avada Theme < 7.11.14 - Unauthenticated Arbitrary Shortcode Execution
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before...
WordPress Customer Email Verification for WooCommerce plugin <= 2.9.5 - Authentication Bypass via Shortcode vulnerability
Authentication Bypass via Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Email Verification for WooCommerce versions = 2.9.5...
WordPress Global Gallery - WordPress Responsive Gallery plugin <= 9.1.5 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
WordPress Global Gallery - WordPress Responsive Gallery plugin = 9.1.5 - Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Plugin Global Gallery versions = 9.1.5...
CVE-2024-13487
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2025-25081 WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1...
CVE-2025-25081 WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in DeannaS Embed RSS embed-rss allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Embed RSS: from n/a through = 3.1...
CVE-2024-13841
The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This...
WordPress plugin Builder Shortcode Extras 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress Builder Shortcode Extras plugin <= 1.0.0 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Builder Shortcode Extras versions = 1.0.0...
CVE-2024-13487
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2024-13487 CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2024-13487
CVE-2024-13487 affects CURCY – Multi Currency for WooCommerce (
CVE-2024-13487 CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function
The The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the getproductsprice function in all versions up to, and including, 2.2.5. This is due to the software...
CVE-2025-23449
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in davidpuc Simple shortcode buttons simple-shortcode-buttons allows Reflected XSS.This issue affects Simple shortcode buttons: from n/a through = 1.3.2...
CVE-2025-24636
Cross-Site Request Forgery CSRF vulnerability in Rick Laymance MachForm Shortcode machform-shortcode allows Stored XSS.This issue affects MachForm Shortcode: from n/a through = 1.4.1...
CVE-2025-22555
Cross-Site Request Forgery CSRF vulnerability in njshofe Smoothness Slider Shortcode smoothness-slider-shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through = v1.2.2...
WordPress plugin CURCY 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2025-5801 · Woocommerce · Curcy – Multi Currency For Woocommerce
Name of the Vulnerable Software and Affected Versions: The CURCY – Multi Currency for WooCommerce versions up to, and including, 2.2.5 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running do...
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the bookingflextimeline shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site...
WordPress CURCY – Multi Currency for WooCommerce plugin <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function vulnerability
Unauthenticated Arbitrary Shortcode Execution via getproductsprice Function vulnerability discovered by mikemyers in WordPress Plugin CURCY versions = 2.2.5...