398 matches found
CVE-2025-48120 WordPress MapSVG Lite plugin <= 8.6.4 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in RomanCode MapSVG Lite allows Code Injection. This issue affects MapSVG Lite: from n/a through 8.6.4...
CVE-2024-13793
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2025-2802
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13738
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13738
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13738
CVE-2024-13738 affects the WordPress theme “Motors – Car Dealer, Rental & Listing” for versions up to 5.6.65. The issue is an unauthenticated arbitrary shortcode execution caused by insufficient validation before running do_shortcode, enabling an attacker to run arbitrary shortcodes. Connected so...
CVE-2024-13738 Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2025-2801
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2024-13812
CVE-2024-13812 : The Anps Theme plugin for WordPress is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to and including 1.1.1. The root cause is improper validation before running do_shortcode, enabling attackers to execute arbitrary shortcodes. The vulnerability i...
CVE-2024-13812 Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13812 Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution
The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2801
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2025-2801 Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2025-2801 Create custom forms for WordPress with a smart form plugin for smart businesses <= 1.2.4 - Unauthenticated Arbitrary Shortcode Execution
The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate ...
CVE-2025-2801
CVE-2025-2801 concerns the WordPress plugin abcsubmit (WordPress Form Builder) , where versions up to and including 1.2.4 are vulnerable. The root cause is improper validation before running the WordPress shortcode handler, allowing unauthenticated attackers to execute arbitrary shortcodes . Docu...
PT-2025-17956 · Unknown · Anps Theme
Name of the Vulnerable Software and Affected Versions: The Anps Theme plugin versions up to, and including, 1.1.1 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value before running do...
CVE-2025-3472
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-3472
The CVE-2025-3472 entry concerns the Ocean Extra WordPress plugin (versions up to and including 2.4.6). The vulnerability arises from inadequate validation in handling shortcodes via do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is installed and...