Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-11-12
CVE-2025-12010 - Authors List Plugin
The Authors List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.6.1 via the via arbitrary method call from Authors_List_Shortcode class. This makes it possible for authenticated attackers, with Contributor-level access and above, to call methods such as get_meta to extract sensitive user data including password hashes, email addresses, usernames, and activation keys via specially crafted shortcode attributes
PLUGIN
Authors List
CVE-2025-12010
Risk Score
Threat Entry
Updated 2025-03-01
CVE-2024-13806 - The Authors List Plugin
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
PLUGIN
The Authors List
CVE-2024-13806
Risk Score
Threat Entry
Updated 2024-12-04
CVE-2024-10952 - The Authors List Plugin
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
PLUGIN
The Authors List
CVE-2024-10952
Risk Score