Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-12-06 CVE-2024-10909 The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7.
network
low complexity
CWE-94
6.3
2024-11-26 CVE-2024-11002 The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2.
network
low complexity
CWE-94
6.3
2024-11-18 CVE-2024-52427 Code Injection vulnerability in Vollstart Event Tickets With Ticket Scanner
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11.
network
low complexity
vollstart CWE-94
8.8
2024-11-18 CVE-2024-52434 Code Injection vulnerability in Supsystic Popup
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection. This issue affects Popup by Supsystic: from n/a through 1.10.29.
network
low complexity
supsystic CWE-94
critical
9.1
2024-11-16 CVE-2024-10262 The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14.
network
low complexity
CWE-94
6.3
2024-11-13 CVE-2024-21541 Code Injection vulnerability in Matthewmueller Dom-Iterator
All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization.
network
low complexity
matthewmueller CWE-94
critical
9.8
2024-11-10 CVE-2024-10958 Code Injection vulnerability in Wppa WP Photo Album Plus
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007.
network
low complexity
wppa CWE-94
7.3
2024-11-09 CVE-2024-10261 The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0.
network
low complexity
CWE-94
7.3
2024-11-09 CVE-2024-10640 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2.
network
low complexity
CWE-94
7.3
2024-11-05 CVE-2024-10263 Code Injection vulnerability in Tickera
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4.
network
low complexity
tickera CWE-94
7.3