CVE-2024-9578

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...

CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...

CVE-2024-9578

CVE-2024-9578 : The Hide Links WordPress plugin is vulnerable in all versions up to and including 1.4.2, allowing unauthenticated attackers to execute arbitrary shortcodes by abusing do_shortcode via the comment_text filter. Impact is unauthenticated shortcode execution on the target site. Remedi...

CVE-2024-9578 Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution

The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to doshortcode being hooked through the commenttext filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the...

PT-2024-39697 · WordPress · Hide Links

Name of the Vulnerable Software and Affected Versions: The Hide Links plugin for WordPress versions up to and including 1.4.2 Description: The issue allows unauthorized shortcode execution due to do shortcode being hooked through the comment text filter. This enables unauthenticated attackers to...

WordPress Hide Links plugin <= 1.4.2 - Unauthenticated Shortcode Execution vulnerability

Unauthenticated Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Hide Links versions = 1.4.2...

WordPress WP Photo Album Plus plugin <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay vulnerability

Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin WP Photo Album Plus versions = 8.8.08.007...

Exploit for Code Injection in Wppa Wp_Photo_Album_Plus

WordPress WP Photo Album Plus Arbitrary Shortcode Execution...

CVE-2024-10958

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10958

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2024-10958

CVE-2024-10958 affects the WP Photo Album Plus WordPress plugin. The Red Hat and Wordfence sources confirm an unauthenticated arbitrary shortcode execution vulnerability via the getshortcodedrenderedfenodelay AJAX action in versions up to 8.8.08.007. The underlying issue is a lack of proper valid...

PT-2024-16662 · WordPress · Wp Photo Album Plus

Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus versions prior to 8.8.08.007 WP Photo Album Plus versions prior to 8.8.08.004 Description: The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay...

CVE-2024-10640

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-10261

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...

CVE-2024-10261 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...

CVE-2024-10261 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.0 - Unauthenticated Arbitrary Shortcode Execution

The The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not...

CVE-2024-10261

CVE-2024-10261 affects the Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction WordPress plugin (

CVE-2024-10640 The FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.2 - Unauthenticated Arbitrary Shortcode Execution

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

WordPress plugin The Paid Membership Subscriptions 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exis...

PT-2024-16142 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.13.0 Description: The issue is related to arbitrary shortcode execution due to the software...