Arbitrary Shortcode Execution in azurecurve Shortcodes in Comments Plugin for WordPress
CVE-2025-2809

7.3HIGH

Key Information:

Vendor

WordPress
Status
Azurecurve Shortcodes In Comments
Vendor
CVE Published:
10 April 2025

What is CVE-2025-2809?

The azurecurve Shortcodes in Comments plugin for WordPress presents a serious security concern due to a flaw that permits arbitrary shortcode execution. This vulnerability arises from inadequate validation during user actions, specifically when executing the do_shortcode function. As a result, unauthenticated attackers can leverage this weakness to execute malicious shortcodes, potentially compromising the site’s integrity and security. It is crucial for users to review their plugin versions and apply necessary updates to safeguard against exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

azurecurve Shortcodes in Comments * <= 2.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/azurecurve-shortcodes-in-co...
https://plugins.trac.wordpress.org/browser/azurecurve-sho...

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Avraham Shemesh
JSON
.