2024-12-06 | CVE-2024-10909 | The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. | 6.3 |
2024-11-26 | CVE-2024-11002 | The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. | 6.3 |
2024-11-18 | CVE-2024-52427 | Code Injection vulnerability in Vollstart Event Tickets With Ticket Scanner: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. | 8.8 |
2024-11-18 | CVE-2024-52434 | Code Injection vulnerability in Supsystic Popup: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection. This issue affects Popup by Supsystic: from n/a through 1.10.29. | 9.1 |
2024-11-16 | CVE-2024-10262 | The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. | 6.3 |
2024-11-13 | CVE-2024-21541 | Code Injection vulnerability in Matthewmueller Dom-Iterator: All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. | 9.8 |
2024-11-10 | CVE-2024-10958 | Code Injection vulnerability in Wppa WP Photo Album Plus: The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007. | 7.3 |
2024-11-09 | CVE-2024-10261 | The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. | 7.3 |
2024-11-09 | CVE-2024-10640 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. | 7.3 |
2024-11-05 | CVE-2024-10263 | Code Injection vulnerability in Tickera: The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. | 7.3 |