CVE-2025-9519

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

CVE-2025-9519

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

CVE-2025-9519

CVE-2025-9519 affects the WordPress plugin Easy Timer (≤ 4.2.1). The issue enables Remote Code Execution via shortcode attributes due to insufficient restriction, exploitable by authenticated users with Editor level access or higher. Reported CVSS v3.1 base score 7.2 (HIGH) with network access, h...

CVE-2025-9519 Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

WordPress plugin Easy Timer 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2025-35869

Name of the Vulnerable Software and Affected Versions: Easy Timer plugin for WordPress versions prior to 4.2.2 Description: The Easy Timer plugin for WordPress is susceptible to Remote Code Execution through its shortcodes. This is caused by inadequate restriction of shortcode attributes,...