CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/04/22 11:12 a.m.•78 views

CVE-2025-3472

The CVE-2025-3472 entry concerns the Ocean Extra WordPress plugin (versions up to and including 2.4.6). The vulnerability arises from inadequate validation in handling shortcodes via do_shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is installed and...

9.8CVSS6.7AI score0.11954EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/04/13 1:42 p.m.•24 views

CVE-2025-3422

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...

6.3CVSS7.3AI score0.00365EPSS

RedhatCVE•added 2025/04/12 8:9 a.m.•21 views

CVE-2025-2809

The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

7.3CVSS7.9AI score0.00548EPSS

OSV•added 2025/04/11 1:15 p.m.•5 views

CVE-2025-3422

6.3CVSS7.1AI score

NVD•added 2025/04/11 1:15 p.m.•13 views

CVE-2025-3422

6.3CVSS0.00365EPSS

Vulnrichment•added 2025/04/11 12:42 p.m.•12 views

CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4CVSS7.2AI score0.00365EPSS

Cvelist•added 2025/04/11 12:42 p.m.•17 views

CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4CVSS0.00365EPSS

NVD•added 2025/04/10 7:15 a.m.•11 views

CVE-2025-2805

The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

NVD•added 2025/04/10 7:15 a.m.•9 views

CVE-2025-2809

Vulnrichment•added 2025/04/10 7:2 a.m.•6 views

CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

CVE•added 2025/04/10 7:2 a.m.•69 views

CVE-2025-2805

CVE-2025-2805 is an unauthenticated arbitrary shortcode execution in the ORDER POST WordPress plugin (versions up to 2.0.2). The root cause is improper validation before running do_shortcode, enabling attackers to execute arbitrary shortcodes. Wordfence & the CVE entry list this as a high-severit...

CVE•added 2025/04/10 7:2 a.m.•62 views

CVE-2025-2809

CVE-2025-2809 affects the WordPress plugin “azurecurve Shortcodes in Comments” (vulnerable through version 2.0.2). The issue is unauthenticated arbitrary shortcode execution caused by calling do_shortcode without proper value validation. This allows an attacker, without authentication, to execute...

Cvelist•added 2025/04/10 7:2 a.m.•15 views

CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

Vulnrichment•added 2025/04/10 7:2 a.m.•6 views

CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

Vulnrichment•added 2025/03/31 12:55 p.m.•5 views

CVE-2025-31606 WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through 1.0.0...

4.8CVSS6.9AI score0.00294EPSS

RedhatCVE•added 2025/03/31 7:34 a.m.•13 views

CVE-2025-2803

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

7.3CVSS7.9AI score0.00548EPSS

NVD•added 2025/03/29 7:15 a.m.•7 views

CVE-2025-2803

Vulnrichment•added 2025/03/29 7:3 a.m.•5 views

CVE-2024-13557 Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution

The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...

6.5CVSS7.6AI score0.0063EPSS