
14 matches found

Patchstack
added 2026/02/03 6:45 a.m. · 3 views

WordPress Snippet Shortcodes plugin <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion vulnerability

Authenticated Subscriber+ Shortcode Deletion vulnerability discovered by theviper17y in WordPress Plugin Snippet Shortcodes versions <= 4.1.6...

CVSS 4.3 · AI score 5.3 · EPSS 0.00235
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/10/10 12:0 a.m. · 3 views

PT-2025-41504

Name of the Vulnerable Software and Affected Versions: The Booking Manager WordPress plugin versions prior to 2.1.15 Description: The Booking Manager WordPress plugin has an issue where a shortcode capable of deleting bookings is registered and accessible to users with contributor privileges or...

CVSS 6.5 · AI score 6.5 · EPSS 0.00025
Exploits 0 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-33777

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.1 · EPSS 0.00071
Exploits 2 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-50538

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 8.9 · EPSS 0.00235
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 9:26 a.m. · 2 views

CVE-2024-12018

The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...

CVSS 4.3 · AI score 6.7 · EPSS 0.00235
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 3:15 a.m. · 1 view

CVE-2023-2271

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack...

CVSS 4.3 · AI score 6.7 · EPSS 0.00071
Exploits 2 · References 1

Vulnrichment
added 2024/12/12 5:24 a.m. · 8 views

CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion

The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...

CVSS 4.3 · AI score 6.7 · EPSS 0.00235
Exploits 0 · References 3

Cvelist
added 2024/12/12 5:24 a.m. · 11 views

CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion

The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...

CVSS 4.3 · EPSS 0.00235
Exploits 0 · References 3

Patchstack
added 2024/04/15 1:14 p.m. · 1 view

WordPress Advance Search plugin <= 1.1.6 - Shortcode Deletion via CSRF vulnerability

Shortcode Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Advanced Search versions <= 1.1.6...

CVSS 8.7 · AI score 8.6 · EPSS 0.00279
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2024/04/15 5:0 a.m. · 12 views

CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

AI score 6.7 · EPSS 0.00279
Exploits 2 · References 1

OSV
added 2023/08/16 12:15 p.m. · 0 views

CVE-2023-2271

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack...

CVSS 4.3 · AI score 7.4 · EPSS 0.00071
Exploits 2 · References 1

Vulnrichment
added 2023/08/16 11:3 a.m. · 8 views

CVE-2023-2271 Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack...

AI score 7.1 · EPSS 0.00071
Exploits 2 · References 1

Positive Technologies
added 2023/08/16 12:0 a.m. · 2 views

PT-2023-18652 · WordPress · Tiempo.Com Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Tiempo.com WordPress plugin versions 0.1.2 and earlier Description: The issue is related to the lack of a CSRF check when deleting a shortcode in the Tiempo.com WordPress plugin. This could allow attackers to make logged-in admins delete...

CVSS 4.3 · AI score 5.3 · EPSS 0.00071
Exploits 2 · References 8

wpexploit
added 2023/04/25 12:0 a.m. · 118 views

Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF

The plugin does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack. Make a logged in admin open the URL below, this will make them delete the shortcode with ID 1...

AI score 6.9 · EPSS 0.00071
Exploits 2