CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/05/14 5:33 a.m.•14 views

CVE-2024-4144 Simple Basic Contact Form <= 20240502 - Unauthenticated Arbitrary Shortcode Execution

The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of...

6.5CVSS6.9AI score0.01719EPSS

Patchstack•added 2024/05/14 1:29 a.m.•5 views

WordPress Simple Basic Contact Form plugin <= 20240502 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Simple Basic Contact Form versions = 20240502...

6.5CVSS7.1AI score0.01719EPSS

CVE•added 2024/05/10 9:32 a.m.•28 views

CVE-2024-4039

CVE-2024-4039 affects Orders Tracking for WooCommerce (WordPress). Unauthenticated attackers can exploit arbitrary shortcode execution via an action that calls do_shortcode without proper validation, impacting all versions up to 1.2.10. A partial patch arrived in 1.2.10 and a full patch in 1.2.11...

6.5CVSS7.4AI score0.01297EPSS

Cvelist•added 2024/05/10 9:32 a.m.•11 views

CVE-2024-4039 Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution

The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running doshortcode...

6.5CVSS7.5AI score0.01297EPSS

Patchstack•added 2024/05/10 2:13 a.m.•2 views

WordPress Orders Tracking for WooCommerce plugin <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Orders Tracking for WooCommerce versions = 1.2.10...

6.5CVSS7.1AI score0.01297EPSS

Positive Technologies•added 2024/05/10 12:0 a.m.•2 views

PT-2024-28822 · WordPress · Orders Tracking For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Orders Tracking for WooCommerce plugin for WordPress versions up to 1.2.10 Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the plugin not properly validating a value before running do...

6.5CVSS8.2AI score0.01297EPSS

Exploits0References4

Cvelist•added 2024/05/09 8:3 p.m.•10 views

CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution

The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...

6.5CVSS7.2AI score0.01081EPSS

Vulnrichment•added 2024/05/09 8:3 p.m.•12 views

CVE-2024-4038 Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution

6.5CVSS7.6AI score0.01081EPSS

CVE•added 2024/05/09 8:3 p.m.•52 views

CVE-2024-4038

The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro WordPress plugin is vulnerable to unauthenticated arbitrary shortcode execution in all versions up to 5.3.1. The issue arises because the plugin executes do_shortcode on a value without proper validation, enabling attackers to ...

6.5CVSS7.5AI score0.01081EPSS

Cvelist•added 2024/05/08 9:31 a.m.•14 views

CVE-2024-4135 WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to...

5.4CVSS7.1AI score0.0098EPSS

CVE•added 2024/05/08 9:31 a.m.•62 views

CVE-2024-4135

CVE-2024-4135 affects the WP Latest Posts WordPress plugin, vulnerable in all versions up to 5.0.7. Unauthenticated attackers can trigger arbitrary shortcodes due to unvalidated user input used by do_shortcode. CVSS v3.1 base score 5.4 (Medium). A patched version exists; remediation is to update ...

5.4CVSS9.5AI score0.0098EPSS

Patchstack•added 2024/05/08 2:18 a.m.•2 views

WordPress WP Latest Posts plugin <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin WP Latest Posts versions = 5.0.7...

5.4CVSS7.1AI score0.0098EPSS

Patchstack•added 2024/05/08 2:8 a.m.•4 views

WordPress Back In Stock Notifier for WooCommerce plugin <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Back In Stock Notifier for WooCommerce versions = 5.3.1...

6.5CVSS7.1AI score0.01081EPSS

WPVulnDB•added 2024/05/07 12:0 a.m.•13 views

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro < 5.3.2 - Unauthenticated Arbitrary Shortcode Execution

Description The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that doe...

6.5CVSS7.5AI score0.01081EPSS

WPVulnDB•added 2024/05/07 12:0 a.m.•18 views

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution

Description The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

6.5CVSS7.3AI score0.00171EPSS

WPVulnDB•added 2024/05/07 12:0 a.m.•11 views

WP Latest Posts < 5.0.8 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

Description The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call ...

5.4CVSS7.8AI score0.0098EPSS

OSV•added 2024/05/02 5:15 p.m.•2 views

CVE-2024-3957

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what...

7.3CVSS6.1AI score0.00655EPSS

NVD•added 2024/05/02 5:15 p.m.•17 views

CVE-2024-3734

The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other...

6.5CVSS6.9AI score0.02011EPSS

Vulnrichment•added 2024/05/02 4:52 p.m.•10 views

CVE-2024-3734 FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution

6.5CVSS6.1AI score0.02011EPSS