876 matches found
CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2024-13793
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13793
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13793
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2025-2802
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2024-13793
CVE-2024-13793 affects Wolmart – Multi-Vendor Marketplace WooCommerce Theme for WordPress (versions
CVE-2024-13793 Wolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmore
The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running...
PT-2025-20324 · WordPress · The Wolmart | Multi-Vendor Marketplace Woocommerce Theme
Name of the Vulnerable Software and Affected Versions: Wolmart | Multi-Vendor Marketplace WooCommerce Theme versions 1.8.11 and earlier Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a valu...
WordPress plugin Wolmart 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
WordPress Wolmart theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme Wolmart versions = 1.8.11...
CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2802 LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution
The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2802
CVE-2025-2802 (LayoutBoxx) : The WordPress LayoutBoxx plugin (versions ≤ 0.3.1) is vulnerable to unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode. Reported CVSSv3.1 base score 7.3 (HIGH). Patch status in provided docs is Unpatched; no fix version is giv...
PT-2025-19832 · WordPress · Layoutboxx
Name of the Vulnerable Software and Affected Versions: LayoutBoxx plugin for WordPress versions up to and including 0.3.1 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running do shortcode. This...
CVE-2024-13738
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13738
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13738
CVE-2024-13738 affects the WordPress theme “Motors – Car Dealer, Rental & Listing” for versions up to 5.6.65. The issue is an unauthenticated arbitrary shortcode execution caused by insufficient validation before running do_shortcode, enabling an attacker to run arbitrary shortcodes. Connected so...
CVE-2024-13738 Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13738 Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution
The The Motors - Car Dealer, Rental & Listing WordPress theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running...
PT-2025-18937 · WordPress · The Motors – Car Dealer
Name of the Vulnerable Software and Affected Versions: The Motors - Car Dealer, Rental & Listing WordPress theme versions up to, and including, 5.6.65 Description: The issue is related to arbitrary shortcode execution due to improper validation of a value before running do shortcode, allowing...