CVE-2025-2802 – WordPress LayoutBoxx Plugin Shortcode Execution Vulnerability

May 6, 2025

CVE ID : CVE-2025-2802

Published : May 6, 2025, 5:15 a.m. | 2 hours, 32 minutes ago

Description : The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4313 – SourceCodester Advanced Web Store SQL Injection Vulnerability

Next Article CVE-2025-4312 – SourceCodester Advanced Web Store SQL Injection

Highlights

CVE-2025-3065 – Apache Database Toolset Remote File Deletion Vulnerability

April 24, 2025

CVE ID : CVE-2025-3065

Published : April 24, 2025, 9:15 a.m. | 2 hours, 25 minutes ago

Description : The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

I recommend this Chromebook over many Windows laptops that cost twice as much

Why I recommend this flagship TCL TV over OLED models that cost more (and don’t regret it)

Finally, a Lenovo ThinkPad that impressed me in performance, design, and battery life

3 productivity gadgets I can’t work without (and why they make such a big difference)

SQL Joins

SQL Joins

Dividing Collections with Laravel’s splitIn Helper

PayHere for Laravel

Distribution Release: IPFire 2.29 Core 195

Distribution Release: IPFire 2.29 Core 195

TeleSculptor – transforms aerial videos and images into Geospatial 3D models

Rilasciato IceWM 3.8: Gestore di Finestre per il Sistema X

CVE-2025-2802 – WordPress LayoutBoxx Plugin Shortcode Execution Vulnerability

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

Microsoft Surface PC prices drop at Best Buy for a limited time — up to $500 off new models and $1,000 off refurbs

CVE-2025-46244 – Dotstore Advanced Linked Variations for Woocommerce Missing Authorization Vulnerability

Developer Spotlight: Max Barvian

Four VS Code Extensions For Laravel/PHP Projects

CVE-2025-3065 – Apache Database Toolset Remote File Deletion Vulnerability

Cloudflare Closes Security Gap That Could Leak Visitor URLs

How DNS Works: A Guide to Understanding the Internet’s Address Book

CVE-2025-5576 – PHPGurukul Dairy Farm Shop Management System SQL Injection Vulnerability

CVE-2025-2802 – WordPress LayoutBoxx Plugin Shortcode Execution Vulnerability

Related Posts