876 matches found
CVE-2025-3422
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3422
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...
CVE-2025-3422
The CVE-2025-3422 entry describes a vulnerability in the WordPress Everest Forms plugin (versions up to and including 3.1.1). The underlying issue is improper validation of a value before running do_shortcode, enabling arbitrary shortcode execution. This allows authenticated attackers with Subscr...
WordPress plugin Everest Forms 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
CVE-2025-2805
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2809
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2805
CVE-2025-2805 is an unauthenticated arbitrary shortcode execution in the ORDER POST WordPress plugin (versions up to 2.0.2). The root cause is improper validation before running do_shortcode, enabling attackers to execute arbitrary shortcodes. Wordfence & the CVE entry list this as a high-severit...
CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...
CVE-2025-2809
CVE-2025-2809 affects the WordPress plugin “azurecurve Shortcodes in Comments” (vulnerable through version 2.0.2). The issue is unauthenticated arbitrary shortcode execution caused by calling do_shortcode without proper value validation. This allows an attacker, without authentication, to execute...
CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
WordPress plugin ORDER POST 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
PT-2025-15921 · WordPress · Order Post
Name of the Vulnerable Software and Affected Versions: ORDER POST plugin for WordPress versions up to, and including, 2.0.2 Description: The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution due to the software allowing users to execute an action that does not properl...
WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability
Arbitrary Shortcode Execution vulnerability discovered by theviper17 in WordPress Plugin SP Blog Designer versions = 1.0.0...
CVE-2025-31606 WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in softpulseinfotech SP Blog Designer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Blog Designer: from n/a through 1.0.0...
CVE-2025-31606 WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Blog Designer: from n/a through = 1.0.0...
CVE-2025-2803
The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...