CVE-2025-7369

CVE-2025-7369 affects the WordPress plugin WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.2. The issue is Cross-Site Request Forgery due to missing/incorrect nonce validation on the preview function, enabling unauthenticated attackers to cause arbitrary shortcode execution by deceiv...

CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...

CVE-2025-7369 Shortcodes Ultimate <= 7.4.2 - Cross-Site Request Forgery to Arbitrary Shortcode Execution

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execut...

CVE-2025-6744

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the...

CVE-2025-6744

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the...

CVE-2025-6744

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the...

CVE-2025-6744

WoodMart for WordPress (Theme)

CVE-2025-6744 Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the...

WordPress plugin Woodmart 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2025-28362 · WordPress · Woodmart

Name of the Vulnerable Software and Affected Versions: Woodmart theme for WordPress versions up to and including 8.2.3 Description: The issue arises from the software allowing users to execute an action that does not properly validate a value before running do shortcode through the woodmart get...

WordPress Woodmart plugin <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions = 8.2.3...

CVE-2025-49250 WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in cmoreira Team Showcase team-showcase-cm allows Code Injection.This issue affects Team Showcase: from n/a through 25.05.13...

CVE-2025-49250 WordPress Team Showcase plugin < 25.05.13 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in cmoreira Team Showcase team-showcase-cm allows Code Injection.This issue affects Team Showcase: from n/a through 25.05.13...

CVE-2024-8254

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that do...

CVE-2024-12420

The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-7381

The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajaxshortcodecache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary...

CVE-2024-12421

The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-12333

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode through the woodmartinstagramajaxquery AJ...

CVE-2024-3734

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...