CVE-2025-8105 Soledad <= 8.6.7 - Unauthenticated Arbitrary Shortcode Execution

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-27294 WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through = 2.85.0...

CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter addfilter'commenttext', 'doshortcode'; which will run all shortcodes in comments. This makes it possible for...