CVE-2026-7650

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the e2pdf-download shortcode in all versions up to, and including, 1.32.17. This is due to insufficient input sanitization and output escaping on the shortcode...

CVE-2026-7650

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) flaw in the e2pdf-download shortcode’s id attribute. Versions up to and including 1.32.17 are vulnerable due to insufficient input sanitization and output escaping of the shortcode at...

WordPress Download Shortcode Plugin <= 0.2.0 - Arbitrary File Disclosure

This plugin is prone to "file" arbitrary file disclosure vulnerability. Solution Update the plugin...

WordPress Download Shortcode Plugin <= 0.2.0 - Arbitrary File Disclosure

This plugin is prone to "file" arbitrary file disclosure vulnerability. Solution Update the plugin...

WordPress download-shortcode 1.1 /wp-content/force-download.php 本地文件包含漏洞

No description provided by source...

Directory traversal

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

CVE-2014-5465

The CVE-2014-5465 issue affects the WordPress ShortCode Plugin (Download ShortCode) version 0.2.3 and earlier, where force-download.php is vulnerable to directory traversal via a .. in the file parameter, enabling reading arbitrary local files. OpenVAS/PRION/CVE references corroborate a Local Fil...

CVE-2014-5465

Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Plugin Download Link :...

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion

WordPress Plugin ShortCode 0.2.3 - Local File Inclusion Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download...

WordPress ShortCode 0.2.3 Local File Inclusion

Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Vendor Home : http://werdswords.com/ Date :...

Download Shortcode - "file" Arbitrary File Disclosure

The download-shortcode WordPress plugin was affected by a "file" Arbitrary File Disclosure security vulnerability...