PT-2025-19832 · WordPress · Layoutboxx

Avraham Shemesh · Published 2025-05-06 · Updated 2025-05-06 · CVE-2025-2802

CVSS v3.1: 7.3 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: LayoutBoxx plugin for WordPress, versions up to and including 0.3.1.

Description: The issue allows unauthenticated attackers to execute arbitrary shortcodes because the software does not properly validate a value before running `do_shortcode`. This enables actions that lead to arbitrary shortcode execution.

Recommendations: Versions up to and including 0.3.1 allow unauthenticated attackers to execute arbitrary shortcodes, so update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
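
One way to validate a request value before it reaches `do_shortcode`, shown as an added example and not as LayoutBoxx code or a vendor patch. The handler name, nonce name and allowlist are hypothetical, and the example assumes the feature is only meant for logged-in users who can edit posts.

```php
<?php
// Added example: hypothetical plugin code, not taken from LayoutBoxx.
// Assumed names: lbx_example_render, lbx_example_nonce, LBX_EXAMPLE_ALLOWED_TAGS.
const LBX_EXAMPLE_ALLOWED_TAGS = array( 'gallery', 'caption' );

/**
 * Return true only if every shortcode in $content, including shortcodes
 * nested inside an enclosing shortcode's body, is on the allowlist.
 */
function lbx_example_only_allowed_shortcodes( $content, $depth = 0 ) {
    if ( $depth > 5 ) {
        return false; // refuse deeply nested input instead of recursing further
    }
    // With no argument, get_shortcode_regex() matches every registered tag.
    // Group 2 is the tag name, group 5 the enclosed content (if any).
    preg_match_all( '/' . get_shortcode_regex() . '/', $content, $matches, PREG_SET_ORDER );
    foreach ( $matches as $m ) {
        if ( ! in_array( $m[2], LBX_EXAMPLE_ALLOWED_TAGS, true ) ) {
            return false;
        }
        // Handlers of enclosing shortcodes may call do_shortcode() on their
        // body, so the body needs the same check.
        if ( ! lbx_example_only_allowed_shortcodes( $m[5] ?? '', $depth + 1 ) ) {
            return false;
        }
    }
    return true;
}

function lbx_example_render() {
    check_ajax_referer( 'lbx_example_nonce', 'nonce' ); // terminates on a bad nonce
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $raw = isset( $_POST['content'] ) ? wp_unslash( $_POST['content'] ) : '';
    if ( ! is_string( $raw ) ) {
        wp_send_json_error( 'invalid input', 400 );
    }
    $content = wp_kses_post( $raw ); // sanitize HTML first, then validate the result
    if ( ! lbx_example_only_allowed_shortcodes( $content ) ) {
        wp_send_json_error( 'shortcode not allowed', 400 );
    }
    wp_send_json_success( do_shortcode( $content ) );
}
// Registered for authenticated requests only: no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_lbx_example_render', 'lbx_example_render' );
```

Since no fixed release is known, the same checks can serve as a review list for any handler that passes request input to `do_shortcode`: who can reach it, whether a nonce is verified, and which tags the input is allowed to contain.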

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-2802

Affected Products

Layoutboxx