{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2802", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-25T21:06:58.772Z", "datePublished": "2025-05-06T04:24:13.420Z", "dateUpdated": "2026-04-08T17:34:41.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:41.656Z"}, "affected": [{"vendor": "layoutboxx", "product": "LayoutBoxx", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}], "title": "LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3fcb8f-f130-4008-8f11-d98efa30f1a8?source=cve"}, {"url": "https://plugins.svn.wordpress.org/layoutboxx/trunk/layoutboxx.php"}, {"url": "https://wordpress.org/plugins/layoutboxx/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Avraham Shemesh"}], "timeline": [{"time": "2025-05-05T16:07:03.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-06T14:16:00.360788Z", "id": "CVE-2025-2802", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T14:16:08.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2802", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-06T14:16:00.360788Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-06T14:16:04.734Z"}}], "cna": {"title": "LayoutBoxx <= 0.3.1 - Unauthenticated Arbitrary Shortcode Execution", "credits": [{"lang": "en", "type": "finder", "value": "Avraham Shemesh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "layoutboxx", "product": "LayoutBoxx", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-05T16:07:03.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3fcb8f-f130-4008-8f11-d98efa30f1a8?source=cve"}, {"url": "https://plugins.svn.wordpress.org/layoutboxx/trunk/layoutboxx.php"}, {"url": "https://wordpress.org/plugins/layoutboxx/#developers"}], "descriptions": [{"lang": "en", "value": "The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:41.656Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2802", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:41.656Z", "dateReserved": "2025-03-25T21:06:58.772Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-06T04:24:13.420Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."}, {"lang": "es", "value": "El complemento LayoutBoxx para WordPress es vulnerable a la ejecuci\u00f3n de shortcodes arbitrarios en todas las versiones hasta la 0.3.1 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto permite que atacantes no autenticados ejecuten shortcodes arbitrarios."}], "id": "CVE-2025-2802", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-06T05:15:49.483", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/layoutboxx/trunk/layoutboxx.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/layoutboxx/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3fcb8f-f130-4008-8f11-d98efa30f1a8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:57:20.260629+00:00", "value": {"mitigation_remediation": ["Update the LayoutBoxx plugin to the latest official release (any version newer than 0.3.1).", "If an update is not available, disable or completely remove the LayoutBoxx plugin from the site to eliminate the attack surface.", "Harden WordPress by disabling shortcodes in unauthenticated contexts using a security plugin or custom code, and monitor server logs for unexpected shortcode execution attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All versions of the LayoutBoxx plugin up to and including 0.3.1 are affected. The vendor is LayoutBoxx and the product is the WordPress plugin named LayoutBoxx.", "description_and_impact": "The LayoutBoxx plugin for WordPress allows unauthenticated users to run any shortcode without validating the input. The plugin feeds user\u2011supplied content directly into WordPress\u2019s do_shortcode function, which executes the code within the shortcode. Because shortcodes can invoke arbitrary PHP code or WordPress functions, an attacker can run malicious PHP on the server, leading to a full compromise of confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score of 7.3 classifies this flaw as high severity, and the EPSS score of 1.35% indicates that exploitation is technically possible but not widespread. The vulnerability is remote and unauthenticated; an attacker only needs to craft a request containing a malicious shortcode and send it to any page that processes shortcodes. Although the flaw has not yet been listed in the CISA KEV catalog, it presents a significant risk of remote code execution on any live WordPress site that has the plugin enabled."}}}}, "created": "2025-07-12T15:26:07.380459+00:00", "updated": "2026-04-21T21:00:36.011769+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}