CVE-2024-13812 – “Anps Theme Plugin WordPress Shortcode Injection Vulnerability”

April 26, 2025

CVE ID : CVE-2024-13812

Published : April 26, 2025, 9:15 a.m. | 2 hours, 49 minutes ago

Description : The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2101 – Edumall WordPress Local File Inclusion Vulnerability

Next Article CVE-2025-2851 – GL.iNet RPC Handler Buffer Overflow

Highlights

CVE-2025-53821 – WeGIA Open Redirect Vulnerability

July 15, 2025

CVE ID : CVE-2025-53821

Published : July 14, 2025, 11:15 p.m. | 3 hours, 36 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix for the issue.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2024-13812 – “Anps Theme Plugin WordPress Shortcode Injection Vulnerability”

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Unified Training Tracking

CVE-2025-53887 – Directus OpenAPI Spec Version Disclosure

CVE-2025-48384 affects Git Cli

Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS

CVE-2025-53821 – WeGIA Open Redirect Vulnerability

grim – screenshot utility for Wayland

CVE-2025-41229 – VMware Cloud Foundation Directory Traversal Vulnerability

CVE-2025-49533 – Adobe Experience Manager MS Deserialization of Untrusted Data Vulnerability

CVE-2024-13812 – “Anps Theme Plugin WordPress Shortcode Injection Vulnerability”

Related Posts