876 matches found
WordPress Plugin BuddyPress Code Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-24353 WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through <= 4.4.9...
CVE-2026-24353
CVE-2026-24353 affects the WordPress plugin User Registration (WordPress User Registration plugin) up to version 4.4.9. Root cause: Missing/incorrect authorization configuration enabling an attacker to perform actions (arbitrary shortcode execution) via user-registration area. Impact per sources ...
CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection. This issue affects DeepDigital: from n/a through <= 1.0.2...
CVE-2025-69001
CVE-2025-69001 affects the WordPress plugin FluentForm (FluentForm/fluentform) up to version 6.1.11. The issue is an Improper Control of Generation of Code (Code Injection) that enables Arbitrary Shortcode Execution. Public sources (NVD/Red Hat/CVE records) confirm the vulnerability and indicate...
CVE-2025-69001 WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection. This issue affects FluentForm: from n/a through <= 6.1.11...
CVE-2025-47600
CVE-2025-47600 affects WoodMart (xtemos WoodMart theme) up to version 8.3.7. Description notes a Basic XSS via improper neutralization of script-related HTML tags enabling Code Injection in WoodMart pages. Connected sources show concrete details: affected product WoodMart; vulnerability type Basi...
CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection. This issue affects WoodMart: from n/a through <= 8.3.7...
WordPress Textmetrics plugin <= 3.6.4 - Content Injection vulnerability
Content Injection vulnerability discovered by theviper17 in WordPress Plugin Textmetrics versions <= 3.6.4...
WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions <= 9.6.4...
WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme WoodMart versions <= 8.3.7...
WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin User Registration versions <= 4.4.9...
WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin GiveWP versions <= 4.13.1...
CVE-2025-1325
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rclpreviewpost' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, wi...
WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme DeepDigital versions <= 1.0.2...
WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability
Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function vulnerability discovered by abrahack in WordPress Plugin GamiPress versions <= 7.2.1...
CVE-2025-14539
The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...