CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/04 11:16 a.m.•5 views

CVE-2026-3309

This CVE (CVE-2026-3309) concerns the ProfilePress plugin for WordPress (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) affected up to version 4.16.11. The issue enables unauthenticated attackers to perform arbitrary shortcode execution via...

Vulnrichment•added 2026/04/04 11:16 a.m.•1 views

ATTACKERKB•added 2026/04/04 11:16 a.m.•1 views

CVE-2026-3309

Positive Technologies•added 2026/04/04 12:0 a.m.•3 views

Exploits0References3

PT-2026-30346

Patchstack•added 2026/03/30 8:6 a.m.•2 views

Exploits0References3

WordPress Responsive Plus plugin < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Responsive Plus versions 3.4.3...

6.5CVSS5.9AI score0.00051EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/26 3:6 p.m.•1 views

CVE-2026-4004

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

6.5CVSS6.1AI score0.00057EPSS

RedhatCVE•added 2026/03/26 2:56 p.m.•3 views

CVE-2024-13785

The The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

5.6CVSS6.2AI score0.0016EPSS

EUVD•added 2026/03/26 9:30 a.m.•1 views

EUVD-2025-209044

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the updateresponsivewoofreeshippingleftshortcode AJAX action that does not properly validate the contentrechdata parameter before processi...

6.5CVSS6.2AI score0.00051EPSS

NVD•added 2026/03/26 7:16 a.m.•2 views

CVE-2025-15488

6.5CVSS0.00051EPSS

Vulnrichment•added 2026/03/26 6:0 a.m.•2 views

CVE-2025-15488 Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution

6.2AI score0.00051EPSS

ATTACKERKB•added 2026/03/26 6:0 a.m.•1 views

CVE-2025-15488

6.5CVSS6.2AI score0.00051EPSS

CVE•added 2026/03/26 6:0 a.m.•5 views

CVE-2025-15488

The CVE covers the Responsive Plus WordPress plugin (vulnerable: before 3.4.3). An unauthenticated attacker can trigger arbitrary shortcode execution by abusing the update_responsive_woo_free_shipping_left_shortcode AJAX action, which fails to validate the content_rech_data parameter before proce...

6.5CVSS6.2AI score0.00051EPSS

In wildExploits0References1

Cvelist•added 2026/03/26 6:0 a.m.•24 views

CVE-2025-15488 Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution

0.00051EPSS

CNNVD•added 2026/03/26 12:0 a.m.•2 views

WordPress plugin Responsive Plus 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS6.1AI score0.00051EPSS

Positive Technologies•added 2026/03/26 12:0 a.m.•4 views

PT-2026-28213

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update responsive woo free shipping left shortcode AJAX action that does not properly validate the content rech data parameter before...

6.2AI score0.00051EPSS