
8962 matches found

RedhatCVE
added 2025/12/30 5:9 p.m. | 4 views

CVE-2025-68897

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...

CVSS 9.9 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/30 6:3 a.m. | 16 views

CVE-2025-13958

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.9 | AI score 5.5 | EPSS 0.00143
Exploits: 0 | References: 1

EUVD
added 2025/12/29 9:30 p.m. | 4 views

EUVD-2025-205633

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-adcontent' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server...

CVSS 7.2 | AI score 6.8 | EPSS 0.00764
Exploits: 0 | References: 4

EUVD
added 2025/12/29 6:30 p.m. | 4 views

EUVD-2025-205596

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through 1.2...

CVSS 9.9 | AI score 6.5 | EPSS 0.00285
Exploits: 0 | References: 2

Cvelist
added 2025/12/29 6:20 p.m. | 27 views

CVE-2025-13592 Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-adcontent' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server...

CVSS 7.2 | EPSS 0.00764
Exploits: 0 | References: 3

NVD
added 2025/12/29 4:15 p.m. | 2 views

CVE-2025-68897

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...

CVSS 9.9 | EPSS 0.00285
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/29 3:55 p.m. | 1 views

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...

CVSS 9.9 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 1

CVE
added 2025/12/29 3:55 p.m. | 15 views

CVE-2025-68897

The connected Wordfence report documents CVE-2025-68897 as affecting IF AS Shortcode. The entry shows “Authenticated (Contributor+) Remote Code Execution” via the IF AS Shortcode before 1.2, implying code execution when an attacker with Contributor+ righ...

CVSS 9.9 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | References: 1

Cvelist
added 2025/12/29 3:55 p.m. | 29 views

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through <= 1.2...

CVSS 9.9 | EPSS 0.00285
Exploits: 0 | References: 1

Patchstack
added 2025/12/29 6:27 a.m. | 6 views

WordPress Advanced Ads plugin <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode vulnerability

Authenticated Editor+ Remote Code Execution via Shortcode vulnerability discovered by NosleeP++ in WordPress Plugin Advanced Ads versions <= 2.0.14...

CVSS 7.2 | AI score 7.2 | EPSS 0.00764
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/12/29 6:15 a.m. | 1 views

CVE-2025-13958

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.9 | EPSS 0.00143
Exploits: 0 | References: 1

Cvelist
added 2025/12/29 6:0 a.m. | 25 views

CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

EPSS 0.00143
Exploits: 0 | References: 1

EUVD
added 2025/12/29 6:0 a.m. | 2 views

EUVD-2025-205552

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVSS 5.9 | AI score 5 | EPSS 0.00143
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/29 6:0 a.m. | 1 views

CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS

The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

AI score 5.1 | EPSS 0.00143
Exploits: 0 | References: 1

CVE
added 2025/12/29 6:0 a.m. | 15 views

CVE-2025-13958

CVE-2025-13958 relates to the YaMaps for WordPress Plugin prior to 0.6.40, which does not validate and escape certain shortcode attributes before output. This can enable a stored XSS condition in pages or posts where the shortcode is embedded if an attacker has the Contributor role or higher. Roo...

CVSS 5.9 | AI score 5.1 | EPSS 0.00143
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/29 12:0 a.m. | 2 views

PT-2025-53752

Name of the Vulnerable Software and Affected Versions: Mohammad I. Okfie IF AS Shortcode versions through 1.2. Description: A code injection issue exists in Mohammad I. Okfie IF AS Shortcode. The flaw allows for code injection, potentially enabling attackers to execute malicious code. The affected...

CVSS 9.9 | AI score 7.2 | EPSS 0.00285
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53697

Name of the Vulnerable Software and Affected Versions: YaMaps for WordPress Plugin versions prior to 0.6.40. Description: The YaMaps for WordPress Plugin does not properly validate and escape shortcode attributes before displaying them on a page or post. This could allow users with contributor roles...

CVSS 5.9 | AI score 5.6 | EPSS 0.00143
Exploits: 0 | References: 4

CNNVD
added 2025/12/29 12:0 a.m. | 1 views

WordPress plugin YaMaps security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.9 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 2

CNNVD
added 2025/12/29 12:0 a.m. | 1 views

WordPress plugin IF AS Shortcode code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code injectio...

CVSS 9.9 | AI score 5.9 | EPSS 0.00285
Exploits: 0 | References: 2

Patchstack
added 2025/12/25 9:18 a.m. | 4 views

WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by mcdruid in WordPress Plugin IF AS Shortcode versions <= 1.2...

CVSS 9.9 | AI score 7.2 | EPSS 0.00285
Exploits: 0 | Affected Software: 1