PT-2025-15921 · WordPress · Order Post

Avraham Shemesh · Published 2025-04-10 · Updated 2025-04-10 · CVE-2025-2805

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: ORDER POST plugin for WordPress, versions up to and including 2.0.2
Description: The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution because the plugin exposes an action that passes a user-supplied value to do_shortcode() without properly validating it. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes, potentially leading to remote code execution.
Recommendations: For versions up to and including 2.0.2, consider disabling the do_shortcode() call or restricting access to the action that reaches it until a patch is available. As a temporary workaround, avoid passing unvalidated input to the affected plugin to minimize the risk of exploitation.
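The following is an added illustration of the bug class this advisory describes and of the hardened handler a defender would want in its place; it is not the ORDER POST plugin's code, and the action name, request parameters and the `order_post` shortcode tag are assumptions.

```php
<?php
/*
 * Added illustration for the bug class in this advisory; this is NOT the
 * ORDER POST plugin's code. The action name 'orderpost_demo_render', the
 * request parameters and the 'order_post' shortcode tag are assumptions.
 */

// Vulnerable pattern: an AJAX action registered for unauthenticated callers
// (wp_ajax_nopriv_) hands a request value straight to do_shortcode(), so the
// caller chooses which registered shortcodes run and with what attributes.
function orderpost_demo_render_insecure() {
    $value = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    echo do_shortcode( $value ); // arbitrary shortcode execution
    wp_die();
}
add_action( 'wp_ajax_nopriv_orderpost_demo_render', 'orderpost_demo_render_insecure' );

// Hardened pattern: authenticate and authorize the caller, never pass raw
// request text to do_shortcode(), and build the shortcode server-side from a
// validated integer. A pre_do_shortcode_tag filter adds defense in depth by
// refusing any tag that is not on the allow-list while this handler runs.
const ORDERPOST_DEMO_ALLOWED_TAGS = array( 'order_post' ); // assumed tag name

function orderpost_demo_block_unlisted( $return, $tag ) {
    // Returning a non-false value short-circuits do_shortcode() for that tag.
    return in_array( $tag, ORDERPOST_DEMO_ALLOWED_TAGS, true ) ? $return : '';
}

function orderpost_demo_render_secure() {
    check_ajax_referer( 'orderpost_demo', 'nonce' );           // CSRF token
    if ( ! current_user_can( 'edit_posts' ) ) {                // authorization
        wp_send_json_error( 'forbidden', 403 );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {              // validation
        wp_send_json_error( 'invalid post id', 400 );
    }
    add_filter( 'pre_do_shortcode_tag', 'orderpost_demo_block_unlisted', 10, 2 );
    // Only a server-built shortcode with a numeric attribute reaches do_shortcode().
    $html = do_shortcode( sprintf( '[order_post id="%d"]', $post_id ) );
    remove_filter( 'pre_do_shortcode_tag', 'orderpost_demo_block_unlisted', 10 );
    wp_send_json_success( $html );
}
// Logged-in users only: no wp_ajax_nopriv_ registration for this action.
add_action( 'wp_ajax_orderpost_demo_render', 'orderpost_demo_render_secure' );
```

The insecure handler is included only to show the pattern the advisory warns about; in a real plugin only the hardened registration should remain.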

Tags: Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-2805

Affected Products: Order Post