9013 matches found
CVE-2025-23449
CVE-2025-23449 is a reflected XSS in the NotFound Simple shortcode buttons of the WordPress Simple Shortcode Buttons plugin, affecting versions n/a–1.3.2. Root cause: improper input neutralization during web page generation. CVSS v3.1 base score 7.1 (HIGH). No explicit public exploit status or re...
CVE-2024-13499
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13495
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13499
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13495
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13499 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13499 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressdoshortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13495
CVE-2024-13495 affects the WordPress plugin GamiPress – Gamification (versions up to and including 7.2.1). The flaw is in gamipress_ajax_get_logs(), where user-supplied values are not properly validated before do_shortcode is invoked, allowing unauthenticated attackers to execute arbitrary shortc...
CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13499
The WordPress plugin GamiPress – Gamification (up to 7.2.1) is vulnerable to unauthenticated arbitrary shortcode execution via gamipress_do_shortcode() because input is not properly validated before running do_shortcode. The CVE (CVE-2024-13499) is reported by multiple sources (NVD entry, Red Hat...
CVE-2024-13361
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13361 AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13361
CVE-2024-13361 involves the WordPress plugin “AI Power: Complete AI Pack.” The vulnerability arises from a missing capability check in wpaicg_save_image_media across versions up to 1.8.96, enabling authenticated attackers with Subscriber+ access to upload image files and embed shortcode attribute...
CVE-2024-13361 AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgsaveimagemedia function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-13590
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-2223 · WordPress · The Picture Gallery – Frontend Image Uploads
Name of the Vulnerable Software and Affected Versions: Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress versions up to, and including, 1.5.19 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'videowhisper pictures' shortcode due to...
WordPress plugin GamiPress 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...
PT-2025-1864 · WordPress · Avada Builder
Name of the Vulnerable Software and Affected Versions: Avada Builder plugin for WordPress versions up to, and including, 3.11.11 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes. This allows authenticated...
PT-2025-2189 · WordPress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue arises due to the software allowing users to execute an action that does not properly...
PT-2025-2225 · WordPress · Ketchup Shortcodes
Name of the Vulnerable Software and Affected Versions: Ketchup Shortcodes plugin for WordPress versions up to, and including, 0.1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode due to insufficient input sanitization and output escaping on...