CVE-2024-10959 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth

The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

CVE-2024-10959 Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth

The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via wootgetsmth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does...

WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth vulnerability

Unauthenticated Arbitrary Shortcode Execution via wootgetsmth vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Active Products Tables for WooCommerce versions = 1.0.6.5...

WordPress ARMember plugin <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin ARMember versions = 4.0.51...

CVE-2024-10909

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10681

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVE-2024-10681 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not...

CVE-2024-10681

CVE-2024-10681 (ARMember WordPress plugin) affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup for WordPress, versions up to and including 4.0.51. The issue arises from the plugin executing an action without properly validating a value before runni...

CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10909 Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode

The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via formpreviewshortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10909

The Pojo Forms WordPress plugin (pojo-forms) contains a vulnerability affecting versions up to 1.4.7 where an authenticated user with Subscriber+ can trigger arbitrary shortcode execution via the form_preview_shortcode AJAX action. The issue stems from insufficient validation before running do_sh...

WordPress Pojo Forms plugin <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution via formpreviewshortcode vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Pojo Forms versions = 1.4.7...

CVE-2024-10952

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via updateauthorslistajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10952

CVE-2024-10952 affects the WordPress Authors List plugin (versions up to 2.0.4). The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes via update_authors_list_ajax, because the action does not validate the value before running do_shortcode. Impact is unauthenticated s...

WordPress Authors List plugin <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax vulnerability

Unauthenticated Arbitrary Shortcode Execution via updateauthorslistajax vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Authors List versions = 2.0.4...

CVE-2024-11002

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-11002

CVE-2024-11002 — InPost Gallery (WordPress) The InPost Gallery plugin is vulnerable up to version 2.1.4.2 to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action. The issue arises from validating a value before executing do_shortcode, enabling authenticated user...

CVE-2024-11002 InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpostgallerygetshortcodetemplate AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value...