Lucene search

12 matches found

EUVD
added 2025/12/09 6:30 p.m. · 2 views

EUVD-2025-201936

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

CVSS 5.4 · AI score 6.2 · EPSS 0.0005
Exploits: 0 · References: 5

NVD
added 2025/12/09 4:17 p.m. · 2 views

CVE-2025-13642

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

CVSS 5.4 · EPSS 0.0005
Exploits: 0 · References: 4

Cvelist
added 2025/12/09 3:23 p.m. · 18 views

CVE-2025-13642 ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

CVSS 5.4 · EPSS 0.0005
Exploits: 0 · References: 4

Positive Technologies
added 2025/12/09 12:0 a.m. · 1 view

PT-2025-49979

Name of the Vulnerable Software and Affected Versions: ProfilePress versions through 4.16.7 Description: The ProfilePress plugin for WordPress is susceptible to arbitrary shortcode execution due to inadequate input sanitization of the type parameter within the form preview functionality. This allow...

CVSS 5.4 · AI score 6.9 · EPSS 0.0005
Exploits: 0 · References: 6

CNNVD
added 2024/12/06 12:0 a.m. · 1 view

WordPress plugin The Pojo Forms code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code injection vulnerability exists ...

CVSS 6.3 · AI score 8.7 · EPSS 0.00321
Exploits: 0 · References: 4

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-16635 · WordPress · Pojo Forms

Name of the Vulnerable Software and Affected Versions: Pojo Forms plugin for WordPress versions 1.4.7 and earlier Description: The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form preview shortcode AJAX action. This is due to the software allowing users ...

CVSS 6.3 · AI score 7.7 · EPSS 0.00321
Exploits: 0 · References: 9

Patchstack
added 2024/12/05 10:58 p.m. · 2 views

WordPress Pojo Forms plugin <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via form_preview_shortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Pojo Forms versions <= 1.4.7...

CVSS 6.3 · AI score 7.1 · EPSS 0.00321
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/02/21 4:15 p.m. · 1 view

CVE-2024-22220

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview...

CVSS 6.3 · AI score 5.8 · EPSS 0.00276
Exploits: 0 · References: 2

NVD
added 2024/02/21 4:15 p.m. · 8 views

CVE-2024-22220

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview...

CVSS 6.3 · AI score 5.8 · EPSS 0.00276
Exploits: 0 · References: 2

Prion
added 2024/02/21 4:15 p.m. · 8 views

Cross site scripting

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview...

AI score 6.4 · EPSS 0.00276
Exploits: 0 · References: 2

Vulnrichment
added 2024/02/21 12:0 a.m. · 16 views

CVE-2024-22220

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview...

AI score 6.1 · EPSS 0.00276
Exploits: 0 · References: 2

Cvelist
added 2024/02/21 12:0 a.m. · 18 views

CVE-2024-22220

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview...

AI score 6 · EPSS 0.00276
Exploits: 0 · References: 2