CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26996 – WordPress Sign-up Sheets plugin <= 2.3.0.1 - Shortcode Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26996
15 Apr 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1. The The Sign-up Sheets plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.3.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-0-1-shortcode-injection-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39654 – WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-39654
01 Aug 2024 — Missing Authorization vulnerability in Fetch Designs Sign-up Sheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sign-up Sheets: from n/a through 2.2.12. The Sign-up Sheets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cleanArray() function in versions up to, and including, 2.2.12. This makes it possible for unauthenticated attackers to clean data. • https://patchstack.com/database/vulnerability/sign-up-sheets/wordpress-sign-up-sheets-plugin-2-2-12-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31303 – WordPress Sign-up Sheets plugin <= 2.2.11.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31303
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets.This issue affects Sign-up Sheets: from n/a through 2.2.11.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Fetch Designs Sign-up Sheets. Este problema afecta a las hojas de registro: desde n/a hasta 2.2.11.1. The Sign-up Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.11.1. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/sign-up-sheets/wordpress-sign-up-sheets-plugin-2-2-11-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •