CVE-2025-2169

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-94
View all →

Vulnerability Description

The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Related Vulnerabilities

CVE-2005-3302

HIGH
CVSS:7.3(High)

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

CWE-942005

CVE-2016-7966

HIGH
CVSS:7.3(High)

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sig...

CWE-942016

CVE-2019-10173

HIGH
CVSS:7.3(High)

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attack...

CWE-942019

CVE-2022-0845

HIGH
CVSS:7.3(High)

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

CWE-942022

CVE-2022-28766

HIGH
CVSS:7.3(High)

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged ...

CWE-942022

CVE-2022-36069

HIGH
CVSS:7.3(High)

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are const...

CWE-942022