CVE-2026-24353 WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...

CVE-2026-24353 WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...

CVE-2026-22469

CVE-2026-22469 affects the WordPress theme/kit DeepDigital: DeepDigital WordPress Theme (DeepDigital) up to and including version 1.0.2. The vulnerability is described as an Unauthenticated Arbitrary Shortcode Execution caused by improper neutralization of script-related HTML tags in a web page, ...

CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...

CVE-2025-69001 WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

CVE-2025-69001 WordPress FluentForm plugin <= 6.1.11 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

CVE-2025-69001

CVE-2025-69001 affects the WordPress plugin FluentForm (FluentForm/fluentform) up to version 6.1.11. The issue is an Improper Control of Generation of Code (Code Injection) that enables Arbitrary Shortcode Execution. Public sources (NVD/Red Hat/ CVE records) confirm the vulnerability and indicate...

CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

CVE-2025-47600

CVE-2025-47600 affects WoodMart (xtemos WoodMart theme) up to version 8.3.7. Description notes a Basic XSS via improper neutralization of script-related HTML tags enabling Code Injection in WoodMart pages. Connected sources show concrete details: affected product WoodMart; vulnerability type Basi...

WordPress Textmetrics plugin <= 3.6.4 - Content Injection vulnerability

Content Injection vulnerability discovered by theviper17 in WordPress Plugin Textmetrics versions = 3.6.4...

WordPress SpiceForms Form Builder plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SpiceForms Form Builder plugin, which stems from the lack of effective filtering and escaping of user-supplied data ...

WordPress Gotham Block Extra Light plugin path traversal vulnerability

The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. A path traversal vulnerability exists in the WordPress Gotham Block Extra Light plugin, which stems from the mishandling of the ghostban shortcode, and...

CVE-2025-8615

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability

Arbitrary Shortcode Execution vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme XStore versions = 9.6.4...

CVE-2025-8615

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-0913

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uspaccess' shortcode in all versions up to, and including, 20260110 due to insufficient input sanitization and output escaping on user...

CVE-2025-8615

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2026-3142

The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewpshortcodetaxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...