Security Advisory

CVE-2025-15488

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-26 06:00:08

Last updated 2026-03-26 13:34:48

Assigner WPScan

State PUBLISHED

Description

The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode.

← Browse all CVEs View on cve.org ↗