CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution

The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution

The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...

CVE-2025-1510

CVE-2025-1510 affects the Custom Post Type Date Archives plugin for WordPress (

CVE-2025-1509 Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution

The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2025-1509

The CVE-2025-1509 shows a vulnerability in the Show Me The Cookies WordPress plugin (versions up to 1.0) enabling unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode. This can allow an attacker to run arbitrary shortcodes on affected sites. The Wordfence a...

CVE-2025-1509 Show Me The Cookies <= 1.0 - Unauthenticated Arbitrary Shortcode Execution

The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress plugin Custom Post Type Date Archives 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code injection vulnerability exis...

WordPress plugin Show Me The Cookies 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in the...

PT-2025-7517 · WordPress · Show Me The Cookies

Name of the Vulnerable Software and Affected Versions: The Show Me The Cookies plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value...

PT-2025-7518 · WordPress · Custom Post Type Date Archives

Name of the Vulnerable Software and Affected Versions: The Custom Post Type Date Archives plugin for WordPress versions up to, and including, 2.7.1 Description: The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution. This issue arises because the...

PT-2025-7328 · WordPress · Buddyforms

Name of the Vulnerable Software and Affected Versions: BuddyForms plugin for WordPress versions up to, and including, 2.8.15 Description: The BuddyForms plugin for WordPress is affected by a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping on...

WordPress Rife Elementor Extensions & Templates plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Writing Effect Headline Shortcode vulnerability discovered by zer0gh0st in WordPress Plugin Rife Elementor Extensions & Templates versions = 1.2.5...

WordPress Frontend Content Forms for User Submissions (UGC) plugin <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'buddyformsnav' Shortcode vulnerability discovered by Max Boll b0lli in WordPress Plugin BuddyForms versions = 2.8.15...

WordPress Custom Post Type Date Archives plugin <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution vulnerability

Missing Authorization to Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin Custom Post Type Date Archives versions = 2.7.1...

WordPress Show Me The Cookies plugin <= 1.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin Show Me The Cookies versions = 1.0...

CVE-2025-1489

The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2024-13455

The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbicalendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-12452

The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeoevent' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

CVE-2024-13648

The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-1410

The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...