CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution

The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution

The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-2802

CVE-2025-2802 (LayoutBoxx) : The WordPress LayoutBoxx plugin (versions ≤ 0.3.1) is vulnerable to unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode. Reported CVSSv3.1 base score 7.3 (HIGH). Patch status in provided docs is Unpatched; no fix version is giv...

PT-2025-19832 · WordPress · Layoutboxx

Name of the Vulnerable Software and Affected Versions: LayoutBoxx plugin for WordPress versions up to and including 0.3.1 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running do shortcode. This...