876 matches found
CVE-2026-5797
The CVE-2026-5797 issue affects the WordPress plugin Quiz And Survey Master (QSM) up to version 11.1.0 . The vulnerability stems from insufficient input sanitization of user-submitted quiz answer text and the plugin calling do_shortcode() on the entire results page output, including answers. Sinc...
CVE-2026-5797
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of doshortcode on user-submitted quiz answer text. User-submitted answers pass through...
PT-2026-33411
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution of do shortcode on user-submitted quiz answer text. User-submitted answers pass through sanitize...
WordPress Germanized for WooCommerce plugin <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Germanized for WooCommerce versions = 3.20.5...
CVE-2026-2582
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...
EUVD-2026-22223
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2026-2582
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2026-2582 Germanized for WooCommerce <= 3.20.5 - Unauthenticated Arbitrary Shortcode Execution
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'accountholder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2026-2582
The vulnerability (CVE-2026-2582) affects the Germanized for WooCommerce WordPress plugin and allows unauthenticated attackers to execute arbitrary shortcodes via the account_holder parameter in any version up to 3.20.5. The root cause is that the plugin performs an action that does not properly ...
PT-2026-32600
The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before runnin...
CVE-2026-39712 WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...
CVE-2026-39712
The CVE-2026-39712 issue is in the WordPress tagDiv Composer plugin, specifically the td-composer component, and affects versions up to and including 5.4.3. The root cause is Improper Neutralization of Script-Related HTML Tags, enabling Code Injection/Arbitrary Shortcode Execution. Impact is desc...
CVE-2026-39712 WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...
CVE-2026-39637
CVE-2026-39637 is associated with the WordPress Mogi theme (
CVE-2026-39637 WordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through = 1.2.3...
CVE-2026-39637 WordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through = 1.2.3...
CVE-2026-39629 WordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...
CVE-2026-39629
CVE-2026-39629 affects kutethemes Uminex WordPress theme versions up to and including 1.0.9. The issue is described as Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) that allows Code Injection via shortcode handling, leading to arbitrary shortcode execution. Concret...
CVE-2026-39629 WordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...