CVE-2024-12417

The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible...

CVE-2024-12420

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12421

The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12420 WPMobile.App — Android and iOS Mobile Application <= 11.52 - Unauthenticated Arbitrary Shortcode Execution

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12421

The Coupon Affiliates – Affiliate Plugin for WooCommerce for WordPress is affected by CVE-2024-12421, enabling unauthenticated arbitrary shortcode execution via an unchecked value in do_shortcode (and also Reflected XSS). The Cross-Site Scripting was patched in 5.16.7.1, while the arbitrary short...

CVE-2024-12420

CVE-2024-12420 affects the WordPress plugin WPMobile.App (Android/iOS) and allows unauthenticated users to trigger arbitrary shortcode execution via do_shortcode due to improper value validation. Version coverage includes all up to 11.52. Public details show the issue involves executing shortcode...

CVE-2024-12421 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting

The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

WordPress WoodMart plugin <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Theme WoodMart versions = 8.0.3...

CVE-2024-12333

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...

CVE-2024-12333

CVE-2024-12333 affects the Woodmart WordPress theme. The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes via the woodmart_instagram_ajax_query AJAX action because a value is not properly validated before running do_shortcode. This is a shortcode execution flaw in al...

CVE-2024-12333 WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...

CVE-2024-10910

The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10910

CVE-2024-10910 affects Grid Plus – Unlimited grid layout (WordPress) up to version 1.3.5. The flaw allows unauthenticated attackers to execute arbitrary shortcodes via the grid_plus_load_by_category AJAX action, because a value used by do_shortcode is not properly validated. Status: the vulnerabi...

CVE-2024-10910 Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category

The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via gridplusloadbycategory AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value...

WordPress Grid Plus plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category vulnerability

Unauthenticated Arbitrary Shortcode Execution via gridplusloadbycategory vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Grid Plus versions = 1.3.5...

WordPress plugin Grid Plus 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

CVE-2024-10959

The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVE-2024-10959

CVE-2024-10959 details (Wordfence/Red Hat source): Affected software is the WordPress plugin Active Products Tables for WooCommerce. Use constructor to create tables . The vulnerability is an unauthenticated arbitrary shortcode execution via the woot_get_smth AJAX action, caused by executing do_s...

CVE-2024-10909

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10681

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...