CVE-2024-10970

CVE-2024-10970 (The Motors – Car Dealer, Classifieds & Listing plugin for WordPress) is exposed in all versions up to 1.4.43. The root cause is that the plugin allows a value to be passed into do_shortcode without proper validation, enabling an authenticated attacker (Subscriber+ level) to execut...

CVE-2024-10970 Motors – Car Dealer, Classifieds & Listing <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title

The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

WordPress Motors plugin <= 1.4.43 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via Custom Title vulnerability discovered by WordFence in WordPress Plugin Motors versions = 1.4.43...

CVE-2024-12419

The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVE-2024-12419 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting

The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVE-2024-12419 Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.0 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting

The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVE-2024-11733 WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution

The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...

CVE-2024-11733 WordPress Popular Posts <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution

The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...

CVE-2024-12238

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-12238 Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.22 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before runni...

CVE-2024-11977

The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-11977

CVE-2024-11977 concerns the kk Star Ratings – Rate Post & Collect User Feedbacks WordPress plugin. The WordPress plugin is vulnerable to arbitrary shortcode execution in all versions up to and including 5.4.10 due to unvalidated input passed to do_shortcode, enabling unauthenticated attackers to ...

CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution

The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running...

WordPress kk Star Ratings plugin <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin kk Star Ratings versions = 5.4.10...

CVE-2024-11740

CVE-2024-11740 affects the WordPress plugin “Download Manager” (WordPress.org: Download Manager) and is exploitable unauthenticated via arbitrary shortcode execution. The root cause is improper validation before running do_shortcode, enabling attackers to execute arbitrary shortcodes in versions ...

CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-11740 Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution

The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-11012 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text

The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njtnofitext AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11012

CVE-2024-11012 (Notibar – Notification Bar for WordPress) is a vulnerability in the Notibar WordPress plugin where an authenticated user with Subscriber+ privileges can trigger arbitrary shortcode execution through the njt_nofi_text AJAX action. The root cause is lack of proper validation before ...