CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

876 matches found

Cvelist•added 2025/02/20 9:21 a.m.•12 views

CVE-2024-13792 WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids

The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcod...

7.3CVSS0.00247EPSS

Exploits0References2

Patchstack•added 2025/02/19 11:35 p.m.•2 views

WordPress WooCommerce Food - Restaurant Menu & Food ordering plugin <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids vulnerability

WordPress WooCommerce Food - Restaurant Menu & Food ordering plugin = 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids vulnerability discovered by Lucio Sá in WordPress Plugin WooCommerce Food - Restaurant Menu & Food ordering versions = 3.3.2...

9.8CVSS7.2AI score0.00247EPSS

Exploits0References1Affected Software1

NVD•added 2025/02/18 3:15 p.m.•8 views

CVE-2024-13689

The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

6.3CVSS0.0014EPSS

Exploits0References2

Vulnrichment•added 2025/02/18 2:22 p.m.•11 views

CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias

6.3CVSS7.3AI score0.0014EPSS

Exploits0References2

CVE•added 2025/02/18 2:22 p.m.•45 views

CVE-2024-13689

CVE-2024-13689 affects the Uncode Core WordPress plugin. Public details from Wordfence indicate the vulnerability is in Uncode Core

6.3CVSS7.5AI score0.0014EPSS

Exploits0References2

Cvelist•added 2025/02/18 2:22 p.m.•8 views

CVE-2024-13689 Uncode Core <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias

6.3CVSS0.0014EPSS

Exploits0References2

OSV•added 2025/02/18 11:15 a.m.•1 views

CVE-2024-13797

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS7.6AI score

Exploits0References2

NVD•added 2025/02/18 11:15 a.m.•10 views

CVE-2024-13797

9.8CVSS0.00397EPSS

Exploits0References2

Vulnrichment•added 2025/02/18 11:10 a.m.•5 views

CVE-2024-13797 PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS7.7AI score0.00397EPSS

Exploits0References2

Cvelist•added 2025/02/18 11:10 a.m.•8 views

CVE-2024-13797 PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution

7.3CVSS0.00397EPSS

Exploits0References2

CVE•added 2025/02/18 11:10 a.m.•47 views

CVE-2024-13797

CVE-2024-13797 refers to thePressMart theme for WordPress (Elementor/WooCommerce) where an unauthenticated user can trigger arbitrary shortcode execution due to improper validation before do_shortcode. Affected versions: up to 1.2.16. Impact per the document: arbitrary shortcode execution, enabli...

9.8CVSS7.7AI score0.00397EPSS

Exploits0References2Affected Software1

Patchstack•added 2025/02/17 10:27 p.m.•2 views

WordPress Uncode Core plugin <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution in uncodegetmedias vulnerability discovered by mikemyers in WordPress Plugin Uncode Core versions = 2.9.1.6...

6.3CVSS7.1AI score0.0014EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/02/17 10:24 p.m.•2 views

WordPress PressMart theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme PressMart versions = 1.2.16...

9.8CVSS7.1AI score0.00397EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/02/15 7:23 a.m.•31 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS9.6AI score0.47852EPSS

Exploits1References1

RedhatCVE•added 2025/02/15 7:22 a.m.•6 views

CVE-2024-13345

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

9.8CVSS9.6AI score0.00613EPSS

Exploits0References1

RedhatCVE•added 2025/02/14 8:56 a.m.•8 views

CVE-2024-13814

The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

8.8CVSS9.4AI score0.00352EPSS

Exploits0References1

NVD•added 2025/02/13 7:15 a.m.•10 views

CVE-2024-13346

9.8CVSS0.47852EPSS

Exploits1References2

OSV•added 2025/02/13 7:15 a.m.•1 views

CVE-2024-13346

9.8CVSS7.6AI score

Exploits0References2

NVD•added 2025/02/13 7:15 a.m.•7 views

CVE-2024-13345