WordPress Code Snippets CPT plugin <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Francesco Carlucci in WordPress Plugin Code Snippets CPT versions = 2.1.0...

WordPress plugin WP-Recall 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information...

WordPress plugin Shortcode Cleaner Lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-13815

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13815

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13757

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-11731

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-13815

CVE-2024-13815 concerns the Listingo WordPress theme (

CVE-2024-13815 Listingo - Business Listing and Directory WordPress Theme <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution

The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress Master Slider plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via msslider Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Master Slider versions = 3.10.7...

WordPress Listingo plugin <= 3.2.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme Listingo versions = 3.2.7...

CVE-2025-0512

The Structured Content JSON-LD wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's scfslocalbusiness shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-13806

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806 Authors List <= 2.0.6 - Unauthenticated Arbitrary Shortcode Execution

The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13806

CVE-2024-13806 – The Authors List plugin for WordPress (versions

CVE-2024-13559 TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'txwoowishlisttable' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

WordPress plugin The Authors List 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection vulnerabili...

PT-2025-9162 · WordPress · Authors List

Name of the Vulnerable Software and Affected Versions: The Authors List plugin for WordPress versions up to and including 2.0.6 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode action, allowing unauthenticated attackers to...