WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin NitroPack versions = 1.16.7...

WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin WPCS versions = 1.2.0.3...

WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability

Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Ninja Forms versions = 3.8.4...

WordPress Album and Image Gallery plus Lightbox plugin <= 2.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Album and Image Gallery plus Lightbox versions = 2.0...

CVE-2024-4194

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This mak...

CVE-2024-4194

Affected software. The Album and Image Gallery plus Lightbox (WordPress plugin) is vulnerable up to version 2.0. The issue is due to improper validation of a value before do_shortcode, enabling unauthenticated attackers to execute arbitrary shortcodes. This CVE is corroborated by multiple sources...

CVE-2024-4194 Album and Image Gallery plus Lightbox <= 2.0 - Unauthenticated Arbitrary Shortcode Execution

The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This mak...

Album and Image Gallery plus Lightbox < 2.1 - Unauthenticated Arbitrary Shortcode Execution

Description The The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running...

PT-2024-29648 · WordPress · Album/Image Gallery Plus Lightbox

Name of the Vulnerable Software and Affected Versions: The Album and Image Gallery plus Lightbox plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to arbitrary shortcode execution. This is due to the software allowing users to execute an action that does no...

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcode. This make...

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcode. This make...

WordPress WP Photo Album Plus plugin <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP Photo Album Plus versions = 8.7.00.003...

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.9.1...

WP Photo Album Plus < 8.7.00.004 - Unauthenticated Arbitrary Shortcode Execution

Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running doshortcod...

CVE-2024-4261

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-4261 Responsive Contact Form Builder & Lead Generation Plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2024-34434 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3.2...

CVE-2024-4039

The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running doshortcode...

CVE-2024-4038

The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...