876 matches found

CVE
added 2025/12/13 4:31 a.m., 12 views

CVE-2025-14539

CVE-2025-14539 relates to the WordPress plugin Shortcode Ajax (Shortcode Loader/shortcode-ajax). The vulnerability arises because the plugin executes do_shortcode on a value that is not properly validated, allowing unauthenticated attackers to execute arbitrary shortcodes. Affected versions are a...

CVSS 5.4, AI score 6.3, EPSS 0.00194
Exploits: 0, References: 2

Cvelist
added 2025/12/13 4:31 a.m., 24 views

CVE-2025-14539 Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter

The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 5.4, EPSS 0.00194
Exploits: 0, References: 2

Vulnrichment
added 2025/12/13 4:31 a.m., 1 view

CVE-2025-14539 Shortcode Loader <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter

The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 5.4, AI score 6.3, EPSS 0.00194
Exploits: 0, References: 2

Patchstack
added 2025/12/13 1:18 a.m., 4 views

WordPress Shortcode Loader plugin <= 1.0 - Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter vulnerability

Unauthenticated Arbitrary Shortcode Execution via 'code' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin Shortcode Ajax versions <= 1.0...

CVSS 5.4, AI score 6.9, EPSS 0.00194
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/12/13 12:00 a.m., 2 views

PT-2025-51080

The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...

CVSS 5.4, AI score 6.7, EPSS 0.00194
Exploits: 0, References: 2

CNNVD
added 2025/12/13 12:00 a.m., 1 view

WordPress plugin The Shortcode Ajax code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injection...

CVSS 5.4, AI score 7.3, EPSS 0.00194
Exploits: 0, References: 3

RedhatCVE
added 2025/12/10 4:09 p.m., 4 views

CVE-2025-13642

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

CVSS 5.4, AI score 6.6, EPSS 0.0005
Exploits: 0, References: 1

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2025-201936

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the type parameter i...

CVSS 5.4, AI score 6.2, EPSS 0.0005
Exploits: 0, References: 5

CVE
added 2025/12/09 3:03 p.m., 10 views

CVE-2025-66533

CVE-2025-66533 is a vulnerability in GiveWP (WordPress donation plugin) that requires no authentication and enables arbitrary shortcode execution in GiveWP versions up to 4.13.1. The issue is confirmed in the Wordfence Intelligence vulnerability tracking and is categorized as Improper Control...

CVSS 5.3, AI score 6.6, EPSS 0.00043
Exploits: 0, References: 1

Cvelist
added 2025/12/09 3:03 p.m., 20 views

CVE-2025-66533 WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP (give) allows Code Injection. This issue affects GiveWP: from n/a through <= 4.13.1...

CVSS 5.3, EPSS 0.00043
Exploits: 0, References: 1

Patchstack
added 2025/12/09 7:08 a.m., 4 views

WordPress ProfilePress plugin <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin ProfilePress versions <= 4.16.7...

CVSS 5.4, AI score 6.8, EPSS 0.0005
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/12/09 12:00 a.m., 1 view

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Paid...

CVSS 5.4, AI score 7.3, EPSS 0.0005
Exploits: 0, References: 4

RedhatCVE
added 2025/11/18 10:49 p.m., 1 view

CVE-2025-7711

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVSS 5.4, AI score 6.5, EPSS 0.00047
Exploits: 0, References: 1

NVD
added 2025/11/17 11:15 p.m., 2 views

CVE-2025-7711

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVSS 5.4, EPSS 0.00047
Exploits: 0, References: 2

Cvelist
added 2025/11/17 10:27 p.m., 3 views

CVE-2025-7711 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVSS 5.4, EPSS 0.00047
Exploits: 0, References: 2

Vulnrichment
added 2025/11/17 10:27 p.m., 1 view

CVE-2025-7711 Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVSS 5.4, AI score 6.1, EPSS 0.00047
Exploits: 0, References: 2

EUVD
added 2025/11/17 10:27 p.m., 1 view

EUVD-2025-197883

The The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before...

CVSS 5.4, AI score 6, EPSS 0.00047
Exploits: 0, References: 3

Patchstack
added 2025/11/17 9:58 p.m., 3 views

WordPress Classified Listing plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description vulnerability

Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description vulnerability discovered by Kishan Vyas in WordPress Plugin Classified Listing versions <= 5.0.3...

CVSS 5.4, AI score 7.1, EPSS 0.00047
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/17 12:00 a.m., 1 view

PT-2025-47216

Name of the Vulnerable Software and Affected Versions: The Classified Listing – Classified ads & Business Directory Plugin versions prior to 5.0.4. Description: The Classified Listing – Classified ads & Business Directory Plugin for WordPress is susceptible to arbitrary shortcode execution. This...

CVSS 5.4, AI score 7, EPSS 0.00047
Exploits: 0, References: 5

RedhatCVE
added 2025/11/07 8:50 a.m., 3 views

CVE-2025-11268

The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...

CVSS 4.3, AI score 6.7, EPSS 0.00156
Exploits: 0, References: 1