CVE-2025-30541

CVE-2025-30541 is a CSRF vulnerability in the WordPress plugin “Info Boxes Shortcode and Widget.” Affected versions are up to 1.15 (from n/a through 1.15). The CVSS 3.1 base metrics indicate an overall MEDIUM impact (4.3), requiring user interaction with networked access and low attack complexity...

WordPress Info Boxes Shortcode And Widgets plugin <= 1.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Info Boxes Shortcode and Widget versions = 1.15...

WordPress plugin Info Boxes Shortcode and Widget 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Info Boxes...

CVE-2025-2262

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

VulnCheck KEV: CVE-2024-3808

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...

WordPress s2Member Pro plugin <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion to Remote Code Execution via Shortcode vulnerability discovered by István Márton in WordPress Plugin s2Member Pro versions = 250214...

CVE-2025-2262

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

CVE-2025-2262

CVE-2025-2262 – WordPress Logo Slider (GS-Logo-Slider) vulnerability : Affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation for WordPress, versions up to and including 3.7.3. The flaw arises from executing an action without proper validation before running...

WordPress plugin Logo Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Logo Slider plugin <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin GS Logo Slider versions = 3.7.3...

CVE-2025-1119

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2025-1119

CVE-2025-1119 affects the WordPress plugin “Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin” and allows unauthenticated attackers to execute arbitrary shortcodes via an improper validation of values before running do_shortcode. The issue impacts all versions up to and i...

CVE-2025-1119 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2025-1119 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.5 - Unauthenticated Arbitrary Shortcode Execution

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value...

CVE-2025-2169

The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2025-1559

CVE-2025-1559 (CC-IMG-Shortcode for WordPress) is a stored XSS vulnerability in versions up to 1.1.0 of the CC-IMG-Shortcode plugin. It arises from insufficient input sanitization and output escaping on attributes of the plugin’s img shortcode, allowing an authenticated attacker with contributor-...

CVE-2025-1559 CC-IMG-Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin CC-IMG-Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...