PT-2025-6577 · WordPress · Zigaform – Price Calculator & Cost Estimation Form Builder

Name of the Vulnerable Software and Affected Versions: Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress versions up to, and including, 7.4.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'zgfm fvar' shortcode due to...

PT-2025-6575 · WordPress · Simple Charts

Name of the Vulnerable Software and Affected Versions: Simple Charts plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the simple chart shortcode. This allows authenticated...

WordPress Uncode Core plugin <= 2.9.1.6 - Authenticated (Subscriber+) Arbitrary Shortcode Execution in uncode_get_medias vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution in uncodegetmedias vulnerability discovered by mikemyers in WordPress Plugin Uncode Core versions = 2.9.1.6...

WordPress PressMart theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Lucio Sá in WordPress Theme PressMart versions = 1.2.16...

WordPress WP-FormAssembly plugin <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by yudha in WordPress Plugin WP-FormAssembly versions = 2.0.11...

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data...

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13345

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

PT-2025-6560 · WordPress · Customer Email Verification For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Email Verification for WooCommerce plugin for WordPress versions up to, and including, 2.9.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive data, including emails an...

PT-2025-6567 · WordPress · Front End Users

Name of the Vulnerable Software and Affected Versions: Front End Users plugin for WordPress versions up to, and including, 3.2.30 Description: The issue is related to Stored Cross-Site Scripting via the plugin's forgot-password shortcode due to insufficient input sanitization and output escaping ...

CVE-2025-24564

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...

CVE-2025-24564 WordPress Contact Form With Shortcode plugin <= 4.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aviplugins.com Contact Form With Shortcode contact-form-with-shortcode allows Reflected XSS.This issue affects Contact Form With Shortcode: from n/a through = 4.2.5...

CVE-2025-24564

CVE-2025-24564 corresponds to a WordPress plugin vulnerability: WordPress plugin “Contact Form With Shortcode” (versions up to 4.2.5) suffers a Reflected XSS due to improper input neutralization during page generation. The issue is tracked across multiple feeds (Red Hat, NVD, CVE List) with the s...

CVE-2024-13814

The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

WordPress plugin Contact Form With Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-7021 · Unknown · Contact Form With Shortcode

Name of the Vulnerable Software and Affected Versions: Contact Form With Shortcode versions n/a through 4.2.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This can be exploited...

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVE-2024-13345

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

CVE-2024-13345

The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...