CVE-2025-2803

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13557 Shortcodes by United Themes <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution

The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possib...

CVE-2024-13557

CVE-2024-13557 affects the Shortcodes by United Themes plugin for WordPress. All versions up to 5.1.6 are vulnerable to unauthenticated arbitrary shortcode execution because do_shortcode can be invoked without proper input validation. The impact is ability to execute arbitrary shortcodes, with no...

CVE-2025-2803 So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-2803 So-Called Air Quotes <= 0.1 - Unauthenticated Arbitrary Shortcode Execution

The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-2803

CVE-2025-2803 concerns the WordPress plugin “So-Called Air Quotes”. The description states unauthenticated attackers can trigger arbitrary shortcode execution in all versions up to 0.1 by exploiting a lack of proper validation before running do_shortcode, enabling shortcode execution without cred...

WordPress Shortcodes by United Themes plugin <= 5.1.6 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Shortcodes by United Themes versions = 5.1.6...

PT-2025-13608 · WordPress · So-Called Air Quotes

Name of the Vulnerable Software and Affected Versions: So-Called Air Quotes plugin for WordPress versions up to, and including, 0.1 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running do...

WordPress So-Called Air Quotes plugin <= 0.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Avraham Shemesh in WordPress Plugin So-Called Air Quotes versions = 0.1...

CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

CVE-2025-30767 WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 5.3.0...

WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by theviper17 in WordPress Plugin PDF for WPForms versions = 5.3.0...

CVE-2025-2262

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

CVE-2025-2262

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

CVE-2025-2262

CVE-2025-2262 – WordPress Logo Slider (GS-Logo-Slider) vulnerability : Affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation for WordPress, versions up to and including 3.7.3. The flaw arises from executing an action without proper validation before running...

CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

WordPress plugin Logo Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Logo Slider plugin <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin GS Logo Slider versions = 3.7.3...

CVE-2025-1119

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value...