CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

April 26, 2025

CVE ID : CVE-2025-2801

Published : April 26, 2025, 4:15 a.m. | 3 hours, 13 minutes ago

Description : The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Next Article Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

Capcom breaks all-time profit records with 10% income growth after Monster Hunter Wilds sold over 10 million copies in a month

Microsoft plans to lay off 3% of its workforce, reportedly targeting management cuts as it changes to fit a “dynamic marketplace”

A cross-platform Markdown note-taking application

A cross-platform Markdown note-taking application

AI Assistant Demo & Tips for Enterprise Projects

Celebrating Global Accessibility Awareness Day (GAAD)

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

Capcom breaks all-time profit records with 10% income growth after Monster Hunter Wilds sold over 10 million copies in a month

CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4732 – TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow

Nissan Cybersecurity Incident Update: 53,000 Employees Affected

How To Create High Availability Kubernetes Cluster on AWS using KubeOne: Part 1

CVE-2025-4707 – Campcodes Sales and Inventory System SQL Injection Vulnerability

MSP Best Practices: PC Maintenance Checklist

Why Every Business Needs a Website

How are you testing configuration changes?

As Rocksteady reportedly returns to Batman, WB Games’ Wonder Woman is struggling

White Screen in Roblox on Windows 7 [Solved]

CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

Related Posts