Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-12-21 CVE-2024-11977 The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10.
network
low complexity
CWE-94
7.3
2024-12-19 CVE-2024-11740 The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03.
network
low complexity
CWE-94
7.3
2024-12-13 CVE-2024-11012 The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4.
network
low complexity
CWE-94
6.3
2024-12-13 CVE-2024-12417 The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0.
network
low complexity
CWE-94
6.5
2024-12-13 CVE-2024-12420 The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52.
network
low complexity
CWE-94
6.5
2024-12-13 CVE-2024-12421 The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1.
network
low complexity
CWE-94
6.5
2024-12-12 CVE-2024-12333 The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3.
network
low complexity
CWE-94
6.5
2024-12-12 CVE-2024-10910 The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5.
network
low complexity
CWE-94
7.3
2024-12-09 CVE-2024-12350 Code Injection vulnerability in Jwillber Jfinalcms 1.0
A vulnerability was found in JFinalCMS 1.0.
network
low complexity
jwillber CWE-94
8.8
2024-12-06 CVE-2024-10681 The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51.
network
low complexity
CWE-94
6.3