876 matches found
PT-2024-39397 · WordPress · The Popup Builder
Name of the Vulnerable Software and Affected Versions: The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress versions up to 1.3.5 Description: The issue allows arbitrary shortcode execution via the wp ajax nopriv shortcode Api Add AJAX action. This is due to the...
WordPress WP Popup Builder – Popup Forms and Marketing Lead Generation plugin <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Popup Builder versions <= 1.3.5...
CVE-2024-9837 AADMY – Add Auto Date Month Year Into Posts <= 2.0.1 - Unauthenticated Arbitrary Shortcode Execution
The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode...
CVE-2024-9837
CVE-2024-9837 – AADMY WordPress plugin: The plugin “Add Auto Date Month Year Into Posts” is vulnerable in all versions up to 2.0.1 due to improper validation before running do_shortcode, enabling unauthenticated arbitrary shortcode execution. Impact: attackers can run arbitrary shortcodes, poten...
WordPress AADMY plugin <= 2.0.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin AADMY versions <= 2.0.1...
PT-2024-39877 · WordPress · Aadmy – Add Auto Date Month Year Into Posts
Name of the Vulnerable Software and Affected Versions: The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not...
CVE-2024-9581
The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2024-9581
CVE-2024-9581 affects the WordPress plugin Shortcodes AnyWhere. The vulnerability is an unauthenticated arbitrary shortcode execution via do_shortcode due to improper value validation in all versions up to 1.0.1. Connected sources confirm this as an active issue (unpatched in Wordfence/NVD entrie...
CVE-2024-8254
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that do...
CVE-2024-8254 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that do...
CVE-2024-8254
CVE-2024-8254 affects the Email Subscribers by Icegram Express for WordPress (
WordPress Email Subscribers by Icegram Express plugin <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions <= 5.7.34...
PT-2024-38892 · Icegram Express · Email Subscribers
Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress versions up to, and including, 5.7.34 Description: The issue is related to arbitrary shortcode execution due to t...
CVE-2024-8481 Special Text Boxes <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution
The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for...
CVE-2024-8481
CVE-2024-8481 affects the WordPress plugin Special Text Boxes up to 6.2.2 due to the filter add_filter('comment_text','do_shortcode') allowing unauthenticated arbitrary shortcode execution in comments. A patch exists; upgrade to 6.2.4 or later to remediate.
CVE-2024-8481 Special Text Boxes <= 6.2.2 - Unauthenticated Arbitrary Shortcode Execution
The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for...
WordPress Special Text Boxes plugin <= 6.2.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Special Text Boxes versions <= 6.2.4...
CVE-2024-8623
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Thi...
CVE-2024-8623 MDTF – Meta Data and Taxonomies Filter <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. Thi...