The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including,
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insuffi
The WP-Recall WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e
The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action th
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficie
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and incl
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software a
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check o
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all ver
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all ver
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action th
The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the soft
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does n
The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to exe
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This i
The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allow
The The WP-Members Membership Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.2. This is due to the software allowing users to ex
The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the ms_youtube_embeds shortcode in all versions up to, and including, 2.0 due to in
Page 1+ Next →