CVE-2024-13895

The CVE CVE-2024-13895 applies to the WordPress plugin Code Snippets CPT (Code Snippets CPT) and affects versions up to 2.1.0. The root cause is insufficient validation of values before the plugin runs do_shortcode, allowing an authenticated user with Subscriber-level access or higher to trigger ...

CVE-2024-13895 Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress Code Snippets CPT plugin <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Code Snippets CPT versions = 2.1.0...

CVE-2024-13815

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13815

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13815 Listingo - Business Listing and Directory WordPress Theme <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress Listingo plugin <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme Listingo versions = 3.2.7...

CVE-2024-13806

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806

CVE-2024-13806 – The Authors List plugin for WordPress (versions

WordPress plugin The Authors List 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection vulnerabili...

PT-2025-9162 · WordPress · Authors List

Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to and including 2.0.6 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode action, allowing unauthenticated attackers to...

WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP-Asambleas versions = 2.85.0...

CVE-2025-27294 WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through = 2.85.0...

CVE-2025-27294 WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through = 2.85.0...

CVE-2025-1509

The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-1510

The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2024-13792

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...