2 matches found
CVE-2025-1510 Custom Post Type Date Archives <= 2.7.1 - Missing Authorization to Unauthenticated Arbitrary Shortcode Execution
The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it...
CVE-2025-1509
The CVE-2025-1509 shows a vulnerability in the Show Me The Cookies WordPress plugin (versions up to 1.0) enabling unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode. This can allow an attacker to run arbitrary shortcodes on affected sites. The Wordfence a...