{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15488", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-01-08T16:00:27.167Z", "datePublished": "2026-03-26T06:00:08.798Z", "dateUpdated": "2026-03-26T13:34:48.726Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-26T06:00:08.798Z"}, "title": "Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution", "problemTypes": [{"descriptions": [{"description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Responsive Plus", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "3.4.3"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode."}], "references": [{"url": "https://wpscan.com/vulnerability/80ce0f88-3065-48c4-a491-b70e067ce4d7/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Alex Tselevich (nos3curity)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:34:31.641435Z", "id": "CVE-2025-15488", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:34:48.726Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15488", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T13:34:31.641435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:34:45.926Z"}}], "cna": {"title": "Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Alex Tselevich (nos3curity)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Responsive Plus", "versions": [{"status": "affected", "version": "0", "lessThan": "3.4.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/80ce0f88-3065-48c4-a491-b70e067ce4d7/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-26T06:00:08.798Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15488", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:34:48.726Z", "dateReserved": "2026-01-08T16:00:27.167Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-03-26T06:00:08.798Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does not properly validate the content_rech_data parameter before processing it as a shortcode."}], "id": "CVE-2025-15488", "lastModified": "2026-03-26T14:16:07.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T07:16:19.500", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/80ce0f88-3065-48c4-a491-b70e067ce4d7/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.4.3)"}}], "enrichment": {"confidence": 81.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 81.0, "source": "matching"}]}, "original": {"product": "Responsive Plus", "source": "cna", "vendor": "Unknown"}, "product": "responsive_menu", "vendor": "responsive"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-26T13:52:36.807754+00:00", "value": {"mitigation_remediation": ["Upgrade the Responsive Plus plugin to version 3.4.3 or later, which removes the vulnerable AJAX action and adds proper input validation.", "If an immediate update is not possible, block unauthenticated access to the update_responsive_woo_free_shipping_left_shortcode endpoint using a web application firewall or server\u2011side rule that rejects requests to that action.", "Disable or limit any plugin features that expose the vulnerable AJAX action to reduce the attack surface."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "This flaw affects all WordPress installations that have the Responsive Plus plugin installed at a version earlier than 3.4.3. The vendor is listed as Unknown:Responsive Plus, and the vulnerability applies to every instance of the plugin across all WordPress sites that have the insecure AJAX endpoint enabled.", "description_and_impact": "The Responsive Plus plugin for WordPress allows any visitor to trigger the AJAX action update_responsive_woo_free_shipping_left_shortcode, passing a content_rech_data value that is treated as a shortcode without proper validation. Based on the description, it is inferred that an attacker can supply a shortcode that executes arbitrary PHP code, potentially giving the attacker full control over the site, compromising data confidentiality, integrity, and availability.", "risk_and_exploitability": "The vulnerable endpoint is publicly accessible and does not require authentication, meaning any internet\u2011connected user could exploit it. No EPSS score is available, but the nature of the bug\u2014unrestricted remote code execution\u2014indicates a high severity level. The flaw is not currently listed in the CISA Known Exploited Vulnerabilities catalog, yet its absence of authentication and lack of input validation make it an attractive target for automated exploitation."}}}}, "created": "2026-03-26T11:30:23.141170+00:00", "updated": "2026-03-26T13:54:58.545147+00:00", "vendors": ["responsive", "responsive$PRODUCT$responsive_menu", "wordpress", "wordpress$PRODUCT$wordpress"]}