CVE-2024-11976 BuddyPress <= 14.3.3 - Unauthenticated Arbitrary Shortcode Execution

The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-11976

CVE-2024-11976 : The BuddyPress WordPress plugin is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 14.3.3 due to insufficient validation before running do_shortcode. This allows attackers to execute arbitrary shortcodes on affected sites. Remediati...

CVE-2025-14745

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

CVE-2025-14745

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on...

CVE-2025-14745

CVE-2025-14745 affects the WordPress plugin “RSS Aggregator” (WP RSS Aggregator) up to version 5.0.10. It enables Stored XSS via the wp-rss-aggregator shortcode due to insufficient input sanitization and output escaping on user attributes. Exploitation requires authenticated access at contributor...

CVE-2025-15522 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.10.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatordiscordusermapping shortcode in all versions up to, and including, 6.10.0.2 due to insufficient input sanitization and output...

CVE-2025-15522

CVE-2025-15522 : Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to a stored cross-site scripting (XSS) via the shortcode automator_discord_user_mapping in all versions up to 6.10.0.2. The issue arises from insufficient input saniti...

WordPress Plugin BuddyPress Code Injection Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-4326

Name of the Vulnerable Software and Affected Versions BuddyPress plugin for WordPress versions prior to 14.3.4 Description The BuddyPress plugin for WordPress is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate input before running the do...

CVE-2026-24353 WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...

CVE-2026-24353

CVE-2026-24353 affects the WordPress plugin User Registration (WordPress User Registration plugin) up to version 4.4.9. Root cause: Missing/incorrect authorization configuration enabling an attacker to perform actions (arbitrary shortcode execution) via user-registration area. Impact per sources ...

CVE-2026-24353 WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...

CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

CVE-2026-22469

CVE-2026-22469 affects the WordPress theme/kit DeepDigital: DeepDigital WordPress Theme (DeepDigital) up to and including version 1.0.2. The vulnerability is described as an Unauthenticated Arbitrary Shortcode Execution caused by improper neutralization of script-related HTML tags in a web page, ...

CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

CVE-2025-69001 WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

CVE-2025-69001

CVE-2025-69001 affects the WordPress plugin FluentForm (FluentForm/fluentform) up to version 6.1.11. The issue is an Improper Control of Generation of Code (Code Injection) that enables Arbitrary Shortcode Execution. Public sources (NVD/Red Hat/ CVE records) confirm the vulnerability and indicate...

CVE-2025-69001 WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...