CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2025/04/15 9:53 p.m.•6 views

CVE-2025-26996 WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.0.1...

6.5CVSS7.2AI score0.00261EPSS

RedhatCVE•added 2025/04/13 1:42 p.m.•26 views

CVE-2025-3422

The The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not proper...

6.3CVSS7.3AI score0.00251EPSS

RedhatCVE•added 2025/04/12 8:9 a.m.•25 views

CVE-2025-2809

The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

7.3CVSS7.9AI score0.0042EPSS

RedhatCVE•added 2025/04/12 8:6 a.m.•18 views

CVE-2025-2805

The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

7.3CVSS7.9AI score0.0042EPSS

NVD•added 2025/04/11 1:15 p.m.•18 views

CVE-2025-3422

6.3CVSS0.00251EPSS

OSV•added 2025/04/11 1:15 p.m.•5 views

CVE-2025-3422

6.3CVSS7.1AI score

CVE•added 2025/04/11 12:42 p.m.•75 views

CVE-2025-3422

The CVE-2025-3422 entry describes a vulnerability in the WordPress Everest Forms plugin (versions up to and including 3.1.1). The underlying issue is improper validation of a value before running do_shortcode, enabling arbitrary shortcode execution. This allows authenticated attackers with Subscr...

6.3CVSS5.7AI score0.00251EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/04/11 12:42 p.m.•21 views

CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4CVSS0.00251EPSS

Vulnrichment•added 2025/04/11 12:42 p.m.•14 views

CVE-2025-3422 Everest Forms <= 3.1.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

5.4CVSS7.2AI score0.00251EPSS

CNNVD•added 2025/04/11 12:0 a.m.•4 views

WordPress plugin Everest Forms 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

6.3CVSS7.5AI score0.00251EPSS

Exploits0References4

NVD•added 2025/04/10 7:15 a.m.•12 views

CVE-2025-2809

NVD•added 2025/04/10 7:15 a.m.•11 views

CVE-2025-2805

Vulnrichment•added 2025/04/10 7:2 a.m.•6 views

CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

CVE•added 2025/04/10 7:2 a.m.•71 views

CVE-2025-2805

CVE-2025-2805 is an unauthenticated arbitrary shortcode execution in the ORDER POST WordPress plugin (versions up to 2.0.2). The root cause is improper validation before running do_shortcode, enabling attackers to execute arbitrary shortcodes. Wordfence & the CVE entry list this as a high-severit...

Cvelist•added 2025/04/10 7:2 a.m.•22 views

CVE-2025-2805 ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

Vulnrichment•added 2025/04/10 7:2 a.m.•7 views

CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

Cvelist•added 2025/04/10 7:2 a.m.•17 views

CVE-2025-2809 azurecurve Shortcodes in Comments <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution

CVE•added 2025/04/10 7:2 a.m.•64 views

CVE-2025-2809

CVE-2025-2809 affects the WordPress plugin “azurecurve Shortcodes in Comments” (vulnerable through version 2.0.2). The issue is unauthenticated arbitrary shortcode execution caused by calling do_shortcode without proper value validation. This allows an attacker, without authentication, to execute...