CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

April 26, 2025

CVE ID : CVE-2025-2801

Published : April 26, 2025, 4:15 a.m. | 3 hours, 13 minutes ago

Description : The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13808 – Xpro Elementor Addons – Pro WordPress Remote Code Execution Vulnerability

Next Article Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

Laravel in the First Half of 2025

Laravel in the First Half of 2025

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

GOnnect – easy to use VoIP client

GOnnect – easy to use VoIP client

Gnuinos – spin of Devuan Linux

5 Best Free and Open Source Backend Electronic Circuit Simulators

CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

CVE-2025-53602 – Zipkin Spring Boot Actuator Heapdump Information Disclosure

CVE-2025-7068 – HDF5 Memory Leak Vulnerability

How to install a screen protector on your gaming handheld — Steam Deck, ROG Ally, Legion Go, and more

Microsoft enhances Outlook’s email subject headers for a better reading experience

Compress is text compression for generating keyboard expansions

This stuff is way better than super glue

Unlock Seamless Test Automation and Drive Quality with NG-TxHyperAutomate

CVE-2025-2506 – EDB pglogical Replication Connection Verification Bypass

Best Free and Open Source Alternatives to Progress Kemp LoadMaster

CVE-2025-5162 – H3C SecCenter SMP-E1114P02 Remote File Upload Vulnerability

CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

Related Posts