3 matches found
CVE-2025-7369
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...
CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...
CVE-2025-7369
CVE-2025-7369 affects the WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.2. The issue is Cross-Site Request Forgery due to missing/incorrect nonce validation on the preview function, enabling unauthenticated attackers to cause arbitrary shortcode execution by deceiv...